CN110268676A - System and method for computing private keys for identity-based self-certified signature schemes - Google Patents


Publication number
CN110268676A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201880011027.7A
Other languages
Chinese (zh)
Other versions
CN110268676B (en)
Inventor
杨艳江
王贵林
李铁岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei International Pte Ltd
Original Assignee
Huawei International Pte Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

This document describes a system and method for generating private keys for devices participating in an identity-based self-certified encryption scheme, wherein the devices use the private keys to establish a common session key for encoding digital communications between the devices.

Description

System and method for computing private keys for identity-based self-certified signature schemes
Technical field
The present invention relates to a system and method for generating private keys for devices participating in an identity-based self-certified signature scheme, wherein the devices use the private keys to establish a common session key for encoding digital communications between the devices. In particular, a private key generated by the system and method of the invention is known only to the device itself and is not known to any other third party.
Background
Owing to the convergence of multiple technologies, an ever-increasing number of devices can now communicate wirelessly and seamlessly with the Internet or exchange communications wirelessly among themselves. This convergence has drawn growing attention in recent years to the vision of the Internet of Things (IoT). In the Internet of Things, millions of entities or devices (i.e. things) will be connected to one another. These devices include devices or entities such as smart chips, smart plugs, smart watches, smart phones, smart vehicles and smart buildings, which communicate with one another either directly or over the Internet.
As the Internet of Things expands into more areas, these devices become more susceptible to cyber-attacks by hackers or unauthorized users, because a compromised device can grant a malicious user access to the network to which the device belongs. It is therefore of utmost importance that a security protocol be put in place that allows one entity to verify the authenticity of a peer entity with which it communicates before data is exchanged between the two entities. In addition, once the authenticity of the entities has been verified, a secret key known only to the two entities must be established to facilitate the signing of data messages between them. This is to ensure that data transmitted between the two entities is not compromised even if it is intercepted or redirected.
A common method of establishing a secret key for signing data communications between entities involves pre-sharing a common symmetric secret key between the relevant parties. With this method, data messages to be transmitted between the entities are signed using this pre-shared or pre-agreed secret key. If the receiving entity is able to decrypt the received message using the pre-shared secret key, the authenticity of the sender is verified and the receiver may then proceed to process the decrypted message accordingly. Unfortunately, this method is not scalable and is inflexible, because the common secret must be pre-shared with, or delivered to, all trusted entities or devices before these entities or devices can communicate with one another. In an IoT setting, high device mobility is the norm, and devices that need to exchange data with one another may not have had the opportunity to establish a secret key beforehand.
Another proposed method uses a solution based on public key infrastructure (PKI), in which the key pair assigned to each authorized entity is bound to its holder by a public key certificate. The key pair is then used with a public key cryptosystem, such as public key encryption or a digital signature method, to sign data messages, or the authenticity of a sender is verified by verifying the sender's public key certificate. Such a public key infrastructure is very expensive to set up and maintain, and entities are required to remain in constant contact with the PKI server to verify the corresponding public key certificates.
Yet another proposed method uses identity-based cryptography to authenticate entities and to sign data messages. Such an identity-based cryptosystem is a special public key cryptosystem that is based on bilinear pairing and uses an entity's identity, such as a user name, e-mail address, telephone number or IP address, as the public key. The corresponding private key is then derived from the entity's identity by a key generation centre, which holds the master secret key used to generate the entities' private keys. The drawback of this method is that bilinear pairing is an expensive and time-consuming computation.
Another inherent weakness of existing identity-based cryptographic schemes is that a user's private key is usually generated by the key generation centre. Because users' private keys are escrowed to the key generation centre, the key generation centre holds the private keys of all users of the scheme. If the key generation centre is ever compromised, all users of the system are compromised as well.
For the above reasons, those skilled in the art are constantly striving to come up with a system and method for generating private keys for users of an identity-based signature scheme, in which each private key is known only to the respective user. The private keys are then used together with the identity-based signature scheme to verify the authenticity of users of the scheme and to generate a common session key for encoding data messages between verified users.
Summary of the invention
The systems and methods provided by embodiments of the invention solve the above and other problems, and an advance in the art is made.
A first advantage of embodiments of the system and method of the invention is that the private key of a device or entity in the identity-based self-certified signature scheme is known only to the device itself and is not escrowed to any external third party such as a key generation centre.
A second advantage of embodiments of the system and method of the invention is that a private key generated according to embodiments of the invention has the same form as in existing identity-based self-certified signature schemes, and can therefore be used in existing identity-based self-certified signature schemes without changing how those schemes operate.
A third advantage of embodiments of the system and method of the invention is that the invention allows cross-domain authenticated key exchange, in which different key generation centres may issue the respective private keys of users or entities, each centre having its own system parameters.
A fourth advantage of embodiments of the system and method of the invention is that the invention can be used in the Transport Layer Security (TLS) protocol or the Datagram Transport Layer Security (DTLS) protocol, where the identity-based self-certified signature scheme according to embodiments of the invention can be used to sign the messages of the TLS or DTLS protocol.
The above advantages are provided by embodiments of a method according to the invention operating in the following manner. For brevity, in the description of the embodiments that follows, multiplicative notation is used for the finite-field arithmetic operations; those skilled in the art will recognize that, when the scheme is implemented over elliptic curves, the arithmetic operations should be described using additive notation.
According to a first aspect of the invention, a system for computing a private key sk for a device participating in an identity-based self-certified signature scheme comprises: a secure server configured to compute parameters for the device based on a second random number $r_{i2}$ generated by the secure server, a first set of components received from the device, a master secret key x and parameters associated with a master public key mpk, wherein the first set of components comprises a first random number $r_{i1}$ generated by the device, and to transmit the computed parameters to the device; and the device, configured to compute the private key sk based on the received computed parameters and the random number $r_{i1}$.
With reference to the first aspect, in accordance with embodiments of the invention, the step of computing the parameters for the device comprises: retrieving an arbitrary first value $R_{i1}$ and the identity $id_i$ of the device from the first set of components, wherein the arbitrary first value $R_{i1}$ is generated based on the first random number $r_{i1}$; computing an arbitrary value $R_i$ of the device and a first integer $s_{i1}$; and setting the computed arbitrary value $R_i$ of the device and the first integer $s_{i1}$ as the parameters for the device, wherein the arbitrary value $R_i$ of the device is computed based on the arbitrary first value $R_{i1}$ and the second random number $r_{i2}$, and the first integer $s_{i1}$ is computed based on the second random number $r_{i2}$, the master secret key x, the arbitrary value $R_i$ of the device, the identity $id_i$ of the device and a prime q obtained from the parameters associated with the master public key mpk.
With reference to the first aspect, in accordance with embodiments of the invention, the step of computing the private key sk comprises: computing an integer $s_i$ based on the first integer $s_{i1}$ retrieved from the computed parameters transmitted from the secure server, the first random number $r_{i1}$ and the prime q obtained from the parameters associated with the master public key mpk; and forming the private key sk from the arbitrary value $R_i$ of the device and the integer $s_i$.
With reference to the first aspect, in accordance with embodiments of the invention, the arbitrary value $R_i$ of the device is determined by [formula missing in source] or [formula missing in source], the arbitrary first value $R_{i1}$ is determined by [formula missing in source], and the first integer $s_{i1}$ is determined by $s_{i1} = r_{i2} + xH(R_i, id_i) \pmod q$ or $s_{i1} = -r_{i2} + xH(R_i, id_i) \pmod q$, where H() is a collision-resistant hash function.
With reference to the first aspect, in accordance with embodiments of the invention, the integer $s_i$ is determined by $s_i = s_{i1} + r_{i1} \pmod q$.
With reference to the first aspect, in accordance with embodiments of the invention, the arbitrary value $R_i$ of the device is determined by [formula missing in source], the arbitrary first value $R_{i1}$ is determined by [formula missing in source], and the first integer $s_{i1}$ is determined by $s_{i1} = r_{i2} + xH(R_i, id_i) \pmod q$, where H() is a collision-resistant hash function.
With reference to the first aspect, in accordance with embodiments of the invention, the integer $s_i$ is determined by $s_i = s_{i1} - r_{i1} \pmod q$.
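The following is an added example, not code from the patent, of the additive key-issuance exchange described above, covering the $s_i = s_{i1} + r_{i1}$ and $s_i = s_{i1} - r_{i1}$ variants with $s_{i1} = r_{i2} + xH(R_i, id_i)$. The page's formulas for $R_{i1}$ and $R_i$ did not survive, so $R_{i1} = g^{r_{i1}}$, the two combinations used for $R_i$, $mpk = g^x$, the Schnorr-type validity check, SHA-256 and the toy group are assumptions chosen to be consistent with the formulas that are given.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4


def H(R: int, identity: str) -> int:
    """H(R_i, id_i) mapped into Z_q. SHA-256 is an assumption; the page only
    requires a collision-resistant hash."""
    digest = hashlib.sha256(R.to_bytes(2, "big") + identity.encode()).digest()
    return int.from_bytes(digest, "big") % Q


def key_is_valid(mpk: int, identity: str, sk: tuple) -> bool:
    """Assumed Schnorr-type check: g^s_i == R_i * mpk^H(R_i, id_i) (mod p)."""
    R_i, s_i = sk
    return pow(G, s_i, P) == (R_i * pow(mpk, H(R_i, identity), P)) % P


class SecureServer:
    def __init__(self) -> None:
        self.x = secrets.randbelow(Q - 1) + 1    # master secret key x
        self.mpk = pow(G, self.x, P)             # assumption: mpk = g^x

    def compute_parameters(self, R_i1: int, identity: str, variant: int = +1):
        """Return (R_i, s_i1) computed from the device's first set of components."""
        if not 1 < R_i1 < P or pow(R_i1, Q, P) != 1:
            raise ValueError("R_i1 is not in the order-q subgroup")
        r_i2 = secrets.randbelow(Q - 1) + 1      # second random number r_i2
        g_r2 = pow(G, r_i2, P)
        if variant == +1:                        # assumption: R_i = R_i1 * g^r_i2
            R_i = (R_i1 * g_r2) % P
        else:                                    # assumption: R_i = g^r_i2 / R_i1
            R_i = (g_r2 * pow(R_i1, -1, P)) % P
        s_i1 = (r_i2 + self.x * H(R_i, identity)) % Q   # formula given on the page
        return R_i, s_i1


class Device:
    def __init__(self, identity: str) -> None:
        self.identity = identity
        self.r_i1 = secrets.randbelow(Q - 1) + 1  # first random number, never sent
        self.sk = None

    def first_components(self):
        """First set of components: (R_i1, id_i), with R_i1 = g^r_i1 assumed."""
        return pow(G, self.r_i1, P), self.identity

    def compute_private_key(self, mpk: int, R_i: int, s_i1: int, variant: int = +1):
        """s_i = s_i1 + r_i1 (variant +1) or s_i1 - r_i1 (variant -1), mod q."""
        s_i = (s_i1 + variant * self.r_i1) % Q
        sk = (R_i, s_i)
        # Reject a reply that does not verify against mpk and this identity.
        if not key_is_valid(mpk, self.identity, sk):
            raise ValueError("server parameters do not match mpk and identity")
        self.sk = sk
        return sk


def run_issuance(identity: str, variant: int = +1) -> dict:
    """Run one exchange and report what each side ends up holding."""
    server, device = SecureServer(), Device(identity)
    R_i1, id_i = device.first_components()
    R_i, s_i1 = server.compute_parameters(R_i1, id_i, variant)
    sk = device.compute_private_key(server.mpk, R_i, s_i1, variant)
    return {
        "valid": key_is_valid(server.mpk, identity, sk),
        # The pair the server holds, (R_i, s_i1), is not itself a valid key.
        "server_view_valid": key_is_valid(server.mpk, identity, (R_i, s_i1)),
        "server_knows_s_i": s_i1 == sk[1],
    }


if __name__ == "__main__":
    for variant in (+1, -1):
        print(variant, run_issuance("sensor-17@example.test", variant))
```

In a real group the server would have to solve a discrete logarithm on $R_{i1}$ to recover $r_{i1}$ and hence $s_i$; in this toy group that search is trivial, which is why the parameters are for illustration only.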
With reference to the first aspect, in accordance with embodiments of the invention, the step of computing the parameters for the device comprises: retrieving an arbitrary first value $R_{i1}$, the identity $id_i$ of the device and a homomorphic encryption value c from the first set of components, wherein the arbitrary first value $R_{i1}$ is generated based on the first random number $r_{i1}$, and the homomorphic encryption value c is generated by providing the first random number $r_{i1}$ and the prime q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc(); and setting the arbitrary value $R_i$ of the device and the first integer $s_{i1}$ as the parameters for the device, wherein the arbitrary value $R_i$ of the device is computed based on the arbitrary first value $R_{i1}$ and the second random number $r_{i2}$, and the first integer $s_{i1}$ is computed by providing the second random number $r_{i2}$, the homomorphic encryption value c, the master secret key x, the arbitrary value $R_i$ of the device, the identity $id_i$ of the device and the prime q to the additive homomorphic encryption function HEnc().
With reference to the first aspect, in accordance with embodiments of the invention, the step of computing the private key sk comprises: computing an integer $s_i$ by applying a complementary homomorphic decryption function to the first integer $s_{i1}$ retrieved from the computed parameters transmitted from the secure server; and forming the private key sk from the arbitrary value $R_i$ of the device and the integer $s_i$.
With reference to the first aspect, in accordance with embodiments of the invention, the arbitrary value $R_i$ of the device is determined by [formula missing in source], the arbitrary first value $R_{i1}$ is determined by [formula missing in source], the homomorphic encryption value c is determined by $c = HEnc(r_{i1}^{-1} \bmod q)$, and the first integer $s_{i1}$ is determined by [formula missing in source], where HEnc() is the additive homomorphic encryption function.
With reference to the first aspect, in accordance with embodiments of the invention, the arbitrary value $R_i$ of the device is determined by [formula missing in source], the arbitrary first value $R_{i1}$ is determined by [formula missing in source], the homomorphic encryption value c is determined by $c = HEnc(r_{i1}^{-1})$, and the first integer $s_{i1}$ is determined by [formula missing in source], where HEnc() is the additive homomorphic encryption function.
With reference to the first aspect, in accordance with embodiments of the invention, the integer $s_i$ is determined by $s_i = r_{i1}\,HDec(s_{i1})$, where HDec() is the complementary homomorphic decryption function.
With reference to the first aspect, in accordance with embodiments of the invention, the arbitrary value $R_i$ of the device is determined by [formula missing in source], the arbitrary first value $R_{i1}$ is determined by [formula missing in source], the homomorphic encryption value c is determined by $c = HEnc(r_{i1})$, and the first integer $s_{i1}$ is determined by [formula missing in source], where HEnc() is the additive homomorphic encryption function.
With reference to the first aspect, in accordance with embodiments of the invention, the integer $s_i$ is determined by $s_i = r_{i1}^{-1}\,HDec(s_{i1})$, where HDec() is the complementary homomorphic decryption function.
According to a second aspect of the invention, a system for generating a common session key SK is disclosed, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an identity-based self-certified signature scheme. The system comprises a secure server configured to instruct: the first device to compute a private key $sk_i$ based on a first set of parameters received from the secure server and a random number $r_{i1}$ generated by the first device, wherein the secure server generates the first set of parameters based on a second random number $r_{i2}$ generated by the secure server, a first set of components comprising the first random number $r_{i1}$, a master secret key x and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the secure server; and the second device to compute a private key $sk_j$ based on a second set of parameters received from the secure server and a random number $r_{j1}$ generated by the second device, wherein the secure server generates the second set of parameters based on a second random number $r_{j2}$ generated by the secure server, a second set of components comprising the first random number $r_{j1}$, the master secret key x and the parameters associated with the master public key mpk, and wherein the second device generates the second set of components and transmits it to the secure server.
The first device is configured to: sign a group element $g^a$ using the identity-based self-certified signature scheme and the private key $sk_i$, where a is a random number generated by the first device and g is a generator of a cyclic group G; and transmit the identity $id_i$ of the first device, the group element $g^a$ and the signed group element $g^a$ to the second device.
On receiving the transmitted information, the second device is configured to: verify the signed group element $g^a$ using the verification function associated with the identity-based self-certified signature scheme and the identity $id_i$ of the first device; when the signed group element $g^a$ passes verification, sign the group element $(g^a \| g^b)$ using the identity-based self-certified signature scheme and the private key $sk_j$, where b is a random number generated by the first device; and transmit the signed group element $(g^a \| g^b)$ and the group element $g^b$ to the first device.
The first device is configured to: verify the signed group element $(g^a \| g^b)$ using the verification function associated with the identity-based self-certified signature scheme and the identity $id_j$ of the second device; when the signed group element $(g^a \| g^b)$ passes verification, compute a first shared secret $k_{ij}$ from the group element a and the group element $g^b$, compute a first key $vk_i$ by providing the first shared secret $k_{ij}$ to a key derivation function, and compute first authentication data $Ad_i$ by providing the first key $vk_i$ to an authentication data derivation function; generate the common session key SK by providing the first shared secret $k_{ij}$ to the key derivation function; and transmit the first authentication data $Ad_i$ to the second device.
On receiving the first authentication data $Ad_i$, the second device is configured to: compute a second shared secret $k_{ji}$ from the group element $g^a$ and the group element b; compute a second key $vk_j$ by providing the second shared secret $k_{ji}$ to the key derivation function; compute second authentication data $Ad_j$ by providing the key $vk_j$ to the authentication data derivation function; determine whether the second authentication data $Ad_j$ matches the first authentication data $Ad_i$; and, when the second authentication data $Ad_j$ matches the first authentication data $Ad_i$, generate the common session key SK by providing the second shared secret $k_{ji}$ to the key derivation function.
With reference to the second aspect, in accordance with embodiments of the invention, the step of generating the first set of parameters for the first device comprises the secure server being configured to: retrieve an arbitrary first value $R_{i1}$ and the identity $id_i$ of the first device from the first set of components, wherein the arbitrary first value $R_{i1}$ is generated based on the first random number $r_{i1}$; compute an arbitrary value $R_i$ of the first device and a first integer $s_{i1}$; and set the computed arbitrary value $R_i$ of the first device and the first integer $s_{i1}$ as the parameters for the first device, wherein the arbitrary value $R_i$ of the first device is computed based on the arbitrary first value $R_{i1}$ and the second random number $r_{i2}$, and the first integer $s_{i1}$ is computed based on the second random number $r_{i2}$, the master secret key x, the arbitrary value $R_i$ of the first device, the identity $id_i$ of the first device and a prime q obtained from the parameters associated with the master public key mpk.
With reference to the second aspect, in accordance with embodiments of the invention, computing the private key $sk_i$ comprises the first device being configured to: compute an integer $s_i$ based on the first integer $s_{i1}$ retrieved from the first set of parameters, the first random number $r_{i1}$ and the prime q obtained from the parameters associated with the master public key mpk; and form the private key $sk_i$ from the arbitrary value $R_i$ of the first device and the integer $s_i$.
With reference to the second aspect, in accordance with embodiments of the invention, generating the second set of parameters for the second device comprises the secure server being configured to: retrieve an arbitrary first value $R_{j1}$ and the identity $id_j$ of the second device from the second set of components, wherein the arbitrary first value $R_{j1}$ is generated based on the first random number $r_{j1}$; compute an arbitrary value $R_j$ of the second device and a first integer $s_{j1}$; and set the computed arbitrary value $R_j$ of the second device and the first integer $s_{j1}$ as the parameters for the second device, wherein the arbitrary value $R_j$ of the second device is computed based on the arbitrary first value $R_{j1}$ and the second random number $r_{j2}$, and the first integer $s_{j1}$ is computed based on the second random number $r_{j2}$, the master secret key x, the arbitrary value $R_j$ of the second device, the identity $id_j$ of the second device and the prime q obtained from the parameters associated with the master public key mpk.
With reference to the second aspect, in accordance with embodiments of the invention, computing the private key $sk_j$ comprises the second device being configured to: compute an integer $s_j$ based on the first integer $s_{j1}$ retrieved from the second set of parameters, the first random number $r_{j1}$ and the prime q obtained from the parameters associated with the master public key mpk; and form the private key $sk_j$ from the arbitrary value $R_j$ of the second device and the integer $s_j$.
According to a third aspect of the invention, a system for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an identity-based self-certified signature scheme. The system comprises a secure server configured to instruct: the first device to compute a private key $sk_i$ based on a first set of parameters received from the secure server and a random number $r_{i1}$ generated by the first device, wherein the secure server generates the first set of parameters based on a second random number $r_{i2}$ generated by the secure server, a first set of components comprising the first random number $r_{i1}$, a master secret key x and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the secure server; and the second device to compute a private key $sk_j$ based on a second set of parameters received from the secure server and a random number $r_{j1}$ generated by the second device, wherein the secure server generates the second set of parameters based on a second random number $r_{j2}$ generated by the secure server, a second set of components comprising the first random number $r_{j1}$, the master secret key x and the parameters associated with the master public key mpk, and wherein the second device generates the second set of components and transmits it to the secure server.
The first device is configured to: sign a cryptographic nonce $N_i$ using the identity-based self-certified signature scheme and the private key $sk_i$; and transmit the identity $id_i$ of the first device, the cryptographic nonce $N_i$ and the signed cryptographic nonce $N_i$ to the second device.
On receiving the transmitted information, the second device is configured to: verify the signed cryptographic nonce $N_i$ using the verification function associated with the identity-based self-certified signature scheme and the identity $id_i$ of the first device; when the signed cryptographic nonce $N_i$ passes verification, sign the cryptographic nonce $(N_i \| N_j)$ using the identity-based self-certified signature scheme and the private key $sk_j$, where $N_j$ is a cryptographic nonce; and transmit the signed cryptographic nonce $(N_i \| N_j)$ and the cryptographic nonce $N_j$ to the first device.
The first device is configured to: verify the signed cryptographic nonce $(N_i \| N_j)$ using the verification function associated with the identity-based self-certified signature scheme and the identity $id_j$ of the second device; when the signed cryptographic nonce $(N_i \| N_j)$ passes verification, compute a first shared secret $k_{ij} = g^{s_j \cdot s_i}$, compute a first key $vk_i$ by providing the first shared secret $k_{ij}$ to a key derivation function, and compute first authentication data $Ad_i$ by providing the cryptographic nonces $N_i$ and $N_j$ and the first key $vk_i$ to an authentication data derivation function; generate the common session key SK by providing the first shared secret $k_{ij}$ and the cryptographic nonces $N_i$ and $N_j$ to the key derivation function; and transmit the first authentication data $Ad_i$ to the second device.
On receiving the first authentication data $Ad_i$, the second device is configured to: compute a second shared secret $k_{ji} = g^{s_j \cdot s_i}$; compute a second key $vk_j$ by providing the second shared secret $k_{ji}$ to the key derivation function; compute second authentication data $Ad_j$ by providing the key $vk_j$ and the cryptographic nonces $N_i$ and $N_j$ to the authentication data derivation function; determine whether the second authentication data $Ad_j$ matches the first authentication data $Ad_i$; and, when the second authentication data $Ad_j$ matches the first authentication data $Ad_i$, generate the common session key SK by providing the second shared secret $k_{ji}$ to the key derivation function.
According to an embodiment of the invention, in conjunction with the third aspect, generating the first set of parameters for the first device comprises the secure server being configured to: retrieve an arbitrary first value R_i1 and the identity id_i of the first device from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1; compute an arbitrary value R_i of the first device and a first integer s_i1; and set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device, where the arbitrary value R_i of the first device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed based on the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime q obtained from the parameters associated with the master public key mpk.
According to an embodiment of the invention, in conjunction with the third aspect, computing the private key sk_i comprises the first device being configured to: compute an integer s_i based on the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime q obtained from the parameters associated with the master public key mpk; and form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
According to an embodiment of the invention, in conjunction with the third aspect, generating the second set of parameters for the second device comprises the secure server being configured to: retrieve an arbitrary first value R_j1 and the identity id_j of the second device from the second set of components, where the arbitrary first value R_j1 is generated based on the first random number r_j1; compute an arbitrary value R_j of the second device and a first integer s_j1; and set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device, where the arbitrary value R_j of the second device is computed based on the arbitrary first value R_j1 and the second random number r_j2, and the first integer s_j1 is computed based on the second random number r_j2, the master secret key x, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime q obtained from the parameters associated with the master public key mpk.
According to an embodiment of the invention, in conjunction with the third aspect, computing the private key sk_j comprises the second device being configured to: compute an integer s_j based on the first integer s_j1 retrieved from the second set of parameters, the first random number r_j1, and the prime q obtained from the parameters associated with the master public key mpk; and form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
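The split key generation and the shared-secret, authentication-data and session-key derivation of the third aspect, as an added example that is not code from the patent. This section names only the inputs to each calculation, so the formulas R_i = R_i1·g^(r_i2), s_i1 = r_i2 + x·H(R_i, id_i) mod q and s_i = s_i1 + r_i1 mod q are a Schnorr-style assumption; the toy group, SHA-256 as H, HMAC-SHA256 as both derivation functions and all function names are likewise assumptions, and the nonce signatures are left out, with each peer's R taken as already received through its verified signature.

```python
import hashlib
import hmac
import secrets

# Constructed toy Schnorr group, far too small for real use: P = 2Q + 1,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def H(R, identity):
    """Hash (R, id) into Z_q. SHA-256 is an assumption of this example."""
    digest = hashlib.sha256(f"{R}|{identity}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def rand_exponent():
    """Uniform exponent in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1


def server_setup():
    """Master secret key x and master public key y = g^x (part of mpk)."""
    x = rand_exponent()
    return x, pow(G, x, P)


def device_commit():
    """Device picks r_1 (never leaves the device) and sends R_1 = g^r_1."""
    r1 = rand_exponent()
    return r1, pow(G, r1, P)


def server_issue(x, R1, identity):
    """Assumed server step: R = R_1 * g^r_2, s_1 = r_2 + x*H(R, id) mod q."""
    r2 = rand_exponent()
    R = (R1 * pow(G, r2, P)) % P
    s1 = (r2 + x * H(R, identity)) % Q
    return R, s1


def public_from_identity(R, identity, y):
    """Anyone can compute g^s = R * y^H(R, id) from public values alone."""
    return (R * pow(y, H(R, identity), P)) % P


def device_finish(r1, R, s1, identity, y):
    """Assumed device step: s = s_1 + r_1 mod q, checked against mpk; sk = (R, s)."""
    s = (s1 + r1) % Q
    if pow(G, s, P) != public_from_identity(R, identity, y):
        raise ValueError("parameters from the server do not verify against mpk")
    return R, s


def derive(sk_own, R_peer, id_peer, y, N_i, N_j):
    """k = (g^s_peer)^s_own, vk = KDF(k), Ad = MAC(vk, N_i||N_j), SK = KDF(k, N_i, N_j)."""
    _, s = sk_own
    k = pow(public_from_identity(R_peer, id_peer, y), s, P)
    k_bytes = k.to_bytes((P.bit_length() + 7) // 8, "big")
    vk = hmac.new(k_bytes, b"vk", hashlib.sha256).digest()
    ad = hmac.new(vk, N_i + N_j, hashlib.sha256).digest()
    session_key = hmac.new(k_bytes, b"SK" + N_i + N_j, hashlib.sha256).digest()
    return ad, session_key


def enroll(x, y, identity):
    """Run the device/server exchange; also return the s_1 the server saw."""
    r1, R1 = device_commit()
    R, s1 = server_issue(x, R1, identity)
    return device_finish(r1, R, s1, identity, y), s1


def demo():
    x, y = server_setup()
    sk_i, seen_i = enroll(x, y, "device-i")  # constructed identities
    sk_j, seen_j = enroll(x, y, "device-j")
    N_i, N_j = secrets.token_bytes(16), secrets.token_bytes(16)
    ad_i, SK_i = derive(sk_i, sk_j[0], "device-j", y, N_i, N_j)
    ad_j, SK_j = derive(sk_j, sk_i[0], "device-i", y, N_i, N_j)
    return {
        "ad_match": hmac.compare_digest(ad_i, ad_j),
        "sk_match": hmac.compare_digest(SK_i, SK_j),
        "server_lacks_s": sk_i[1] != seen_i and sk_j[1] != seen_j,
    }


if __name__ == "__main__":
    print(demo())
```

The `server_lacks_s` result shows the point of the split: the secure server holds s_i1 but never the final s_i, because r_i1 does not leave the device.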
According to a fourth aspect of the invention, a system for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an identity-based self-certified signature scheme, the system comprising: a first secure server configured to instruct: the first device to compute a private key sk_i based on a first set of parameters received from the first secure server and a random number r_i1 generated by the first device, where the first secure server generates the first set of parameters based on a second random number r_i2 generated by the first secure server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, and where the first device generates the first set of components and transmits it to the first secure server; a second secure server configured to instruct: the second device to compute a private key sk_j based on a second set of parameters received from the second secure server and a random number r_j1 generated by the second device, where the second secure server generates the second set of parameters based on a second random number r_j2 generated by the second secure server, a second set of components comprising the first random number r_j1, a master secret key x_j, and parameters associated with a master public key mpk_j, and where the second device generates the second set of components and transmits it to the second secure server, the first secure server being located in a different domain from the second secure server; the first device being configured to: sign a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, where a is a random number generated by the first device and g is a generator of a cyclic group G; and transmit the identity id_i of the first device, the group element g^a and the signed group element g^a to the second device; the second device being configured, upon receiving the transmitted information, to: verify the signed group element g^a using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed group element g^a passes verification, sign a group element (g^a||g^b) using the identity-based self-certified signature scheme and the private key sk_j, where b is a random number generated by the first device; and transmit the signed group element (g^a||g^b) and the group element g^b to the first device; the first device being configured to: verify the signed group element (g^a||g^b) using the verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed group element (g^a||g^b) passes verification, compute a first shared secret k_ij based on the group element a and the group element g^b, compute a first key vk_i by providing the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function; generate the common session key SK by providing the first shared secret k_ij to the key derivation function; and transmit the first authentication data Ad_i to the second device; the second device being configured, upon receiving the first authentication data Ad_i, to: compute a second shared secret k_ji based on the group element g^a and the group element b, compute a second key vk_j by providing the second shared secret k_ji to the key derivation function, compute second authentication data Ad_j by providing the key vk_j to the authentication data derivation function, and determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and when the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by providing the second shared secret k_ji to the key derivation function.
According to an embodiment of the invention, in conjunction with the fourth aspect, generating the first set of parameters for the first device comprises the first secure server being configured to: retrieve an arbitrary first value R_i1 and the identity id_i of the first device from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1; compute an arbitrary value R_i of the first device and a first integer s_i1; and set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device, where the arbitrary value R_i of the first device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed based on the second random number r_i2, the master secret key x_i, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime q obtained from the parameters associated with the master public key mpk_i.
According to an embodiment of the invention, in conjunction with the fourth aspect, computing the private key sk_i comprises the first device being configured to: compute an integer s_i based on the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime q obtained from the parameters associated with the master public key mpk_i; and form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
According to an embodiment of the invention, in conjunction with the fourth aspect, generating the second set of parameters for the second device comprises the second secure server being configured to: retrieve an arbitrary first value R_j1 and the identity id_j of the second device from the second set of components, where the arbitrary first value R_j1 is generated based on the first random number r_j1; compute an arbitrary value R_j of the second device and a first integer s_j1; and set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device, where the arbitrary value R_j of the second device is computed based on the arbitrary first value R_j1 and the second random number r_j2, and the first integer s_j1 is computed based on the second random number r_j2, the master secret key x_j, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime q obtained from the parameters associated with the master public key mpk_j.
According to an embodiment of the invention, in conjunction with the fourth aspect, computing the private key sk_j comprises the second device being configured to: compute an integer s_j based on the first integer s_j1 retrieved from the second set of parameters, the first random number r_j1, and the prime q obtained from the parameters associated with the master public key mpk_j; and form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
According to a fifth aspect of the invention, a system for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising: a secure server configured to instruct: the first device to compute a private key sk_i based on a first set of parameters received from the secure server and a random number r_i1 generated by the first device, where the secure server generates the first set of parameters based on a second random number r_i2 generated by the secure server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and where the first device generates the first set of components and transmits it to the secure server; and the second device to compute a private key sk_j based on a second set of parameters received from the secure server and a random number r_j1 generated by the second device, where the secure server generates the second set of parameters based on a second random number r_j2 generated by the secure server, a second set of components comprising the first random number r_j1, the master secret key x, and the parameters associated with the master public key mpk, and where the second device generates the second set of components and transmits it to the secure server; the first and second devices being configured to use an identity-based self-certified signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, where the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
According to an embodiment of the invention, in conjunction with the fifth aspect, generating the first set of parameters for the first device comprises the secure server being configured to: retrieve an arbitrary first value R_i1 and the identity id_i of the first device from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1; compute an arbitrary value R_i of the first device and a first integer s_i1; and set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device, where the arbitrary value R_i of the first device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed based on the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime q obtained from the parameters associated with the master public key mpk.
According to an embodiment of the invention, in conjunction with the fifth aspect, computing the private key sk_i comprises the first device being configured to: compute an integer s_i based on the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime q obtained from the parameters associated with the master public key mpk; and form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
According to an embodiment of the invention, in conjunction with the fifth aspect, generating the second set of parameters for the second device comprises the secure server being configured to: retrieve an arbitrary first value R_j1 and the identity id_j of the second device from the second set of components, where the arbitrary first value R_j1 is generated based on the first random number r_j1; compute an arbitrary value R_j of the second device and a first integer s_j1; and set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device, where the arbitrary value R_j of the second device is computed based on the arbitrary first value R_j1 and the second random number r_j2, and the first integer s_j1 is computed based on the second random number r_j2, the master secret key x, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime q obtained from the parameters associated with the master public key mpk.
According to an embodiment of the invention, in conjunction with the fifth aspect, computing the private key sk_j comprises the second device being configured to: compute an integer s_j based on the first integer s_j1 retrieved from the second set of parameters, the first random number r_j1, and the prime q obtained from the parameters associated with the master public key mpk; and form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
According to a sixth aspect of the invention, a system for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising: a first secure server configured to instruct: the first device to compute a private key sk_i based on a first set of parameters received from the first secure server and a random number r_i1 generated by the first device, where the first secure server generates the first set of parameters based on a second random number r_i2 generated by the first secure server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, and where the first device generates the first set of components and transmits it to the first secure server; a second secure server configured to instruct: the second device to compute a private key sk_j based on a second set of parameters received from the second secure server and a random number r_j1 generated by the second device, where the second secure server generates the second set of parameters based on a second random number r_j2 generated by the second secure server, a second set of components comprising the first random number r_j1, the master secret key x_j, and the parameters associated with a master public key mpk_j, and where the second device generates the second set of components and transmits it to the second secure server, the first secure server being located in a different domain from the second secure server; the first and second devices being configured to use an identity-based self-certified signature scheme to generate the common session key SK_ij for the TLS protocol between the first device and the second device, where the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
According to an embodiment of the invention, in conjunction with the sixth aspect, generating the first set of parameters for the first device comprises the first secure server being configured to: retrieve an arbitrary first value R_i1 and the identity id_i of the first device from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1; compute an arbitrary value R_i of the first device and a first integer s_i1; and set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device, where the arbitrary value R_i of the first device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed based on the second random number r_i2, the master secret key x_i, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime q obtained from the parameters associated with the master public key mpk_i.
According to an embodiment of the invention, in conjunction with the sixth aspect, computing the private key sk_i comprises the first device being configured to: compute an integer s_i based on the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime q obtained from the parameters associated with the master public key mpk_i; and form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
According to an embodiment of the invention, in conjunction with the sixth aspect, generating the second set of parameters for the second device comprises the second secure server being configured to: retrieve an arbitrary first value R_j1 and the identity id_j of the second device from the second set of components, where the arbitrary first value R_j1 is generated based on the first random number r_j1; compute an arbitrary value R_j of the second device and a first integer s_j1; and set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device, where the arbitrary value R_j of the second device is computed based on the arbitrary first value R_j1 and the second random number r_j2, and the first integer s_j1 is computed based on the second random number r_j2, the master secret key x_j, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime q obtained from the parameters associated with the master public key mpk_j.
According to an embodiment of the invention, in conjunction with the sixth aspect, computing the private key sk_j comprises the second device being configured to: compute an integer s_j based on the first integer s_j1 retrieved from the second set of parameters, the first random number r_j1, and the prime q obtained from the parameters associated with the master public key mpk_j; and form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
According to an embodiment of the invention, in conjunction with the sixth aspect, before the secure server computes parameters for the device based on the second random number r_i2 generated by the secure server, the secure server is configured to: receive a zero-knowledge proof result from the device, where the device generates the zero-knowledge proof result using the first random number r_i1 and a system parameter λ; determine from the zero-knowledge proof result whether the first random number r_i1 is less than or equal to the system parameter λ; and when the first random number r_i1 is less than or equal to the system parameter λ, compute parameters for the device based on the second random number r_i2 generated by the secure server.
According to a seventh aspect of the invention, a system for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising: a secure server configured to: use an identity-based self-certified signature scheme to generate a private key sk_i for the first device based on the identity id_i of the first device, and a private key sk_j for the second device based on the identity id_j of the second device; and transmit the private key sk_i to the first device and the private key sk_j to the second device; the first and second devices being configured to use the same identity-based self-certified signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, where the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
According to an eighth aspect of the invention, a system for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising: a first secure server configured to: use an identity-based self-certified signature scheme to generate a private key sk_i for the first device based on the identity id_i of the first device, and transmit the private key sk_i to the first device; a second secure server configured to: use an identity-based self-certified signature scheme to generate a private key sk_j for the second device based on the identity id_j of the second device, and transmit the private key sk_j to the second device; where the first secure server is located in a different domain from the second secure server, and the first and second devices are configured to use the same identity-based self-certified signature scheme with different parameters, or different identity-based self-certified signature schemes, to generate the common session key SK for the TLS or DTLS protocol between the first device and the second device, where the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
According to a ninth aspect of the invention, a secure server for computing a private key sk for a device participating in an identity-based self-certified signature scheme is provided, comprising: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: compute parameters for the device based on a second random number r_i2 generated by the secure server, a first set of components received from the device, a master secret key x, and parameters associated with a master public key mpk, where the first set of components comprises a first random number r_i1 generated by the device; and transmit the computed parameters to the device, so that the device computes the private key sk based on the received computed parameters and the random number r_i1.
According to an embodiment of the invention, in conjunction with the ninth aspect, the instructions that compute the parameters for the device comprise instructions that direct the processor to: retrieve an arbitrary first value R_i1 and the identity id_i of the device from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1; compute an arbitrary value R_i of the device and a first integer s_i1; and set the computed arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device, where the arbitrary value R_i of the device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed based on the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device, and a prime q obtained from the parameters associated with the master public key mpk.
According to an embodiment of the invention, in conjunction with the ninth aspect, the instructions that compute the parameters for the device comprise instructions that direct the processor to: retrieve an arbitrary first value R_i1, the identity id_i of the device and a homomorphic encryption value c from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1, and the homomorphic encryption value c is generated by providing the first random number r_i1 and a prime q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc(); and set the arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device, where the arbitrary value R_i of the device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed by providing the second random number r_i2, the homomorphic encryption value c, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device and the prime q to the additive homomorphic encryption function HEnc().
According to an embodiment of the invention, in conjunction with the ninth aspect, before the instructions that compute the parameters for the device based on the second random number r_i2 generated by the secure server, the secure server comprises instructions that direct the processor to: receive a zero-knowledge proof result from the device, where the device generates the zero-knowledge proof result using the first random number r_i1 and a system parameter λ; determine from the zero-knowledge proof result whether the first random number r_i1 is less than or equal to the system parameter λ; and when the first random number r_i1 is less than or equal to the system parameter λ, compute parameters for the device based on the second random number r_i2 generated by the secure server.
According to a tenth aspect of the invention, a method of computing a private key sk for a device participating in an identity-based self-certified signature scheme is provided, comprising: a secure server computing parameters for the device based on a second random number r_i2 generated by the secure server, a first set of components received from the device, a master secret key x, and parameters associated with a master public key mpk, where the first set of components comprises a first random number r_i1 generated by the device; and transmitting the computed parameters to the device, so that the device computes the private key sk based on the received computed parameters and the random number r_i1.
According to an embodiment of the invention, in conjunction with the tenth aspect, computing the parameters for the device comprises the secure server: retrieving an arbitrary first value R_i1 and the identity id_i of the device from the first set of components, where the arbitrary first value R_i1 is generated based on the first random number r_i1; computing an arbitrary value R_i of the device and a first integer s_i1; and setting the computed arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device, where the arbitrary value R_i of the device is computed based on the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed based on the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device, and a prime q obtained from the parameters associated with the master public key mpk.
With reference to the tenth aspect, according to an embodiment of the invention, computing the parameters for the device comprises: the security server retrieving an arbitrary first value R_i1, the identity id_i of the device, and a homomorphic encryption value c from the first set of components, wherein the arbitrary first value R_i1 is generated from the first random number r_i1, and the homomorphic encryption value c is generated by providing the first random number r_i1 and a prime number q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc(); and setting an arbitrary value R_i of the device and a first integer s_i1 as the parameters for the device, wherein the arbitrary value R_i of the device is computed from the arbitrary first value R_i1 and the second random number r_i2, and the first integer s_i1 is computed by providing the second random number r_i2, the homomorphic encryption value c, the master secret key x, the arbitrary value R_i, the identity id_i of the device, and the prime number q to the additive homomorphic encryption function HEnc().
According to an eleventh aspect of the invention, a method of generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme. The method comprises: the first device receiving instructions from a security server to compute a private key sk_i according to a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters according to a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; the first device signing a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G; and transmitting the identity id_i of the first device, the group element g^a, and the signed group element g^a to the second device.
With reference to the eleventh aspect, according to an embodiment of the invention, the method further comprises: receiving a signed group element (g^a||g^b) and a group element g^b from the second device; verifying the signed group element (g^a||g^b) using a verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed group element (g^a||g^b) passes verification, computing a first shared secret k_ij according to the group element a and the group element g^b, computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function; generating the common session key SK by providing the first shared secret k_ij to the key derivation function; and transmitting the first authentication data Ad_i to the second device.
According to a twelfth aspect of the invention, a first device for generating a common session key SK is provided, the common session key SK being used to encode digital communications between the first device and a second device participating in an identity-based self-certified signature scheme. The first device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: receive instructions from a security server to compute a private key sk_i according to a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters according to a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; sign a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G; and transmit the identity id_i of the first device, the group element g^a, and the signed group element g^a to the second device.
With reference to the twelfth aspect, according to an embodiment of the invention, the instructions comprise instructions directing the processor to: receive a signed group element (g^a||g^b) and a group element g^b from the second device; verify the signed group element (g^a||g^b) using a verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed group element (g^a||g^b) passes verification, compute a first shared secret k_ij according to the group element a and the group element g^b, compute a first key vk_i by providing the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function; generate the common session key SK by providing the first shared secret k_ij to the key derivation function; and transmit the first authentication data Ad_i to the second device.
According to a thirteenth aspect of the invention, a method of generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme. The method comprises: the second device receiving instructions from the security server to compute a private key sk_j according to a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters according to a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, a master secret key x, and parameters associated with a master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server; receiving, from the first device, the identity id_i of the first device, a group element g^a, and a signed group element g^a; verifying the signed group element g^a using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed group element g^a passes verification, signing a group element (g^a||g^b) using the identity-based self-certified signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and transmitting the signed group element (g^a||g^b) and the group element g^b to the first device.
With reference to the thirteenth aspect, according to an embodiment of the invention, the method further comprises: receiving first authentication data Ad_i from the first device; computing a second shared secret k_ji according to the group element g^a and the group element g^b; computing a second key vk_j by providing the second shared secret k_ji to a key derivation function; computing second authentication data Ad_j by providing the key vk_j to an authentication data derivation function; determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and, when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
According to a fourteenth aspect of the invention, a second device for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device and the second device participating in an identity-based self-certified signature scheme. The second device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: receive instructions from a security server to compute a private key sk_j according to a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters according to a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, a master secret key x, and parameters associated with a master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server; receive, from the first device, the identity id_i of the first device, a group element g^a, and a signed group element g^a; verify the signed group element g^a using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed group element g^a passes verification, sign a group element (g^a||g^b) using the identity-based self-certified signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and transmit the signed group element (g^a||g^b) and the group element g^b to the first device.
With reference to the fourteenth aspect, according to an embodiment of the invention, the instructions comprise instructions directing the processor to: receive first authentication data Ad_i from the first device; compute a second shared secret k_ji according to the group element g^a and the group element g^b; compute a second key vk_j by providing the second shared secret k_ji to a key derivation function; compute second authentication data Ad_j by providing the key vk_j to an authentication data derivation function; determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and, when the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by providing the second shared secret k_ji to the key derivation function.
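The key issuance of the tenth aspect and the signed exchange of the eleventh to fourteenth aspects can be followed end to end in the following added example, which is not code from the patent. The concrete formulas (R_i = R_i1·g^r_i2, s_i1 = r_i2 + x·H(R_i, id_i) mod q, s_i = s_i1 + r_i1 mod q), the Schnorr-style signature, the SHA-256 and HMAC derivations, the function names and the toy group are assumptions chosen to fit the inputs the text lists.

```python
import hashlib
import hmac
import secrets

# Toy Schnorr group constructed for this example: p = 2q + 1 with q prime, and
# g = 4 generates the subgroup of order q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """Hash length-prefixed values to an exponent modulo q."""
    h = hashlib.sha256()
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % Q

def rand_exp():
    return secrets.randbelow(Q - 1) + 1  # uniform in 1..q-1

def device_request(id_i):
    """Device: draw r_i1 and send (id_i, R_i1); r_i1 itself stays on the device."""
    r_i1 = rand_exp()
    return r_i1, (id_i, pow(G, r_i1, P))

def server_issue(x, request):
    """Security server: draw r_i2 and return the parameters (R_i, s_i1)."""
    id_i, R_i1 = request
    r_i2 = rand_exp()
    R_i = (R_i1 * pow(G, r_i2, P)) % P            # assumed: R_i = R_i1 * g^r_i2
    s_i1 = (r_i2 + x * H(R_i, id_i)) % Q          # assumed: s_i1 = r_i2 + x*H(R_i, id_i)
    return R_i, s_i1

def device_finish(mpk, id_i, r_i1, params):
    """Device: sk_i = (R_i, s_i), s_i = s_i1 + r_i1 mod q (assumed), checked against mpk."""
    R_i, s_i1 = params
    s_i = (s_i1 + r_i1) % Q
    if pow(G, s_i, P) != (R_i * pow(mpk, H(R_i, id_i), P)) % P:
        raise ValueError("parameters from the server do not match mpk")
    return R_i, s_i

def sign(sk, id_i, msg):
    """Schnorr signature under s_i; R_i travels with the signature."""
    R_i, s_i = sk
    k = rand_exp()
    U = pow(G, k, P)
    c = H(U, R_i, id_i, msg)
    return R_i, U, (k + c * s_i) % Q

def verify(mpk, id_i, msg, sig):
    """Needs only mpk and the signer's identity: no certificate lookup."""
    R_i, U, z = sig
    pk_i = (R_i * pow(mpk, H(R_i, id_i), P)) % P  # equals g^s_i for an issued key
    c = H(U, R_i, id_i, msg)
    return pow(G, z, P) == (U * pow(pk_i, c, P)) % P

def kdf(secret, label):
    # The label separates vk from SK; the page names only "a key derivation function".
    return hashlib.sha256(f"{label}|{secret}".encode()).digest()

def auth_data(vk):
    return hmac.new(vk, b"key-confirmation", hashlib.sha256).digest()

def handshake(mpk, id_i, sk_i, id_j, sk_j):
    """Run both sides of the signed exchange; returns (SK at device i, SK at device j)."""
    # Device i -> j: id_i, g^a, signature on g^a
    a = rand_exp()
    ga = pow(G, a, P)
    sig_i = sign(sk_i, id_i, ga)
    # Device j: verify, then answer with g^b and a signature on g^a || g^b
    if not verify(mpk, id_i, ga, sig_i):
        raise ValueError("device j rejected the signature on g^a")
    b = rand_exp()
    gb = pow(G, b, P)
    transcript = f"{ga}||{gb}"
    sig_j = sign(sk_j, id_j, transcript)
    # Device i: verify, derive k_ij, vk_i, Ad_i and SK, send Ad_i
    if not verify(mpk, id_j, transcript, sig_j):
        raise ValueError("device i rejected the signature on g^a || g^b")
    k_ij = pow(gb, a, P)
    ad_i = auth_data(kdf(k_ij, "vk"))
    sk_at_i = kdf(k_ij, "SK")
    # Device j: derive k_ji, vk_j, Ad_j and accept SK only if Ad_j matches Ad_i
    k_ji = pow(ga, b, P)
    ad_j = auth_data(kdf(k_ji, "vk"))
    if not hmac.compare_digest(ad_i, ad_j):
        raise ValueError("authentication data mismatch")
    return sk_at_i, kdf(k_ji, "SK")
```

Because s_i = s_i1 + r_i1 and r_i1 never leaves the device, the value the server sends is not the device's signing key, yet any verifier can check signatures from mpk and the identity alone.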
According to a fifteenth aspect of the invention, a method of generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme. The method comprises: the first device receiving instructions from a security server to compute a private key sk_i according to a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters according to a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; the first device signing a cryptographic nonce N_i using the identity-based self-certified signature scheme and the private key sk_i; and transmitting the identity id_i of the first device, the cryptographic nonce N_i, and the signed cryptographic nonce N_i to the second device, so that, on receiving the transmitted information, the second device is configured to: verify the signed cryptographic nonce N_i using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed cryptographic nonce N_i passes verification, sign a cryptographic nonce (N_i||N_j) using the identity-based self-certified signature scheme and a private key sk_j, wherein N_j is a cryptographic nonce; and transmit the signed cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j to the first device.
With reference to the fifteenth aspect, according to an embodiment of the invention, the method further comprises: receiving the cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j from the second device; verifying the signed cryptographic nonce (N_i||N_j) using a verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed cryptographic nonce (N_i||N_j) passes verification, computing a first shared secret k_ij = g^(s_j·s_i), computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the cryptographic nonces N_i and N_j and the first key vk_i to an authentication data derivation function; generating the common session key SK by providing the first shared secret k_ij and the cryptographic nonces N_i and N_j to the key derivation function; and transmitting the first authentication data Ad_i to the second device.
According to a sixteenth aspect of the invention, a first device for generating a common session key SK is provided, the common session key SK being used to encode digital communications between the first device i and a second device j participating in an identity-based self-certified signature scheme. The first device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: receive instructions from a security server to compute a private key sk_i according to a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters according to a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; sign a cryptographic nonce N_i using the identity-based self-certified signature scheme and the private key sk_i; and transmit the identity id_i of the first device, the cryptographic nonce N_i, and the signed cryptographic nonce N_i to the second device.
With reference to the sixteenth aspect, according to an embodiment of the invention, the instructions comprise instructions directing the processor to: receive a cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j from the second device; verify the signed cryptographic nonce (N_i||N_j) using a verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed cryptographic nonce (N_i||N_j) passes verification, compute a first shared secret k_ij = g^(s_j·s_i), compute a first key vk_i by providing the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by providing the cryptographic nonces N_i and N_j and the first key vk_i to an authentication data derivation function; generate the common session key SK by providing the first shared secret k_ij and the cryptographic nonces N_i and N_j to the key derivation function; and transmit the first authentication data Ad_i to the second device.
According to a seventeenth aspect of the invention, a second device for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device and the second device participating in an identity-based self-certified signature scheme. The second device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: receive instructions from a security server to compute a private key sk_j according to a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters according to a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, a master secret key x, and parameters associated with a master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server; receive, from the first device, the identity id_i of the first device, a cryptographic nonce N_i, and a signed cryptographic nonce N_i; verify the signed cryptographic nonce N_i using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed cryptographic nonce N_i passes verification, sign a cryptographic nonce (N_i||N_j) using the identity-based self-certified signature scheme and the private key sk_j, wherein N_j is a cryptographic nonce; and transmit the signed cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j to the first device.
With reference to the seventeenth aspect, according to an embodiment of the invention, the instructions comprise instructions directing the processor to: receive first authentication data Ad_i from the first device; compute a second shared secret k_ji = g^(s_j·s_i); compute a second key vk_j by providing the second shared secret k_ji to a key derivation function; compute second authentication data Ad_j by providing the key vk_j and the cryptographic nonces N_i and N_j to an authentication data derivation function; determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and, when the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by providing the second shared secret k_ji to the key derivation function.
According to an eighteenth aspect of the invention, a method of generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme. The method comprises: the first device receiving instructions from a first security server to compute a private key sk_i according to a first set of parameters received from the first security server and a random number r_i1 generated by the first device, wherein the first security server generates the first set of parameters according to a second random number r_i2 generated by the first security server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, wherein the first device generates the first set of components and transmits it to the first security server, and wherein the first security server is located in a different domain from a second security server; the first device signing a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G; and transmitting the identity id_i of the first device, the group element g^a, and the signed group element g^a to the second device.
With reference to the eighteenth aspect, according to an embodiment of the invention, the method further comprises: receiving a signed group element (g^a||g^b) and a group element g^b from the second device; verifying the signed group element (g^a||g^b) using a verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed group element (g^a||g^b) passes verification, computing a first shared secret k_ij according to the group element a and the group element g^b, computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function; generating the common session key SK by providing the first shared secret k_ij to the key derivation function; and transmitting the first authentication data Ad_i to the second device.
According to a nineteenth aspect of the invention, a first device for generating a common session key SK is provided, the common session key SK being used to encode digital communications between the first device and a second device participating in an identity-based self-certified signature scheme. The first device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: receive instructions from a first security server to compute a private key sk_i according to a first set of parameters received from the first security server and a random number r_i1 generated by the first device, wherein the first security server generates the first set of parameters according to a second random number r_i2 generated by the first security server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, wherein the first device generates the first set of components and transmits it to the first security server, and wherein the first security server is located in a different domain from a second security server; sign a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G; and transmit the identity id_i of the first device, the group element g^a, and the signed group element g^a to the second device.
With reference to the nineteenth aspect, according to an embodiment of the invention, the instructions comprise instructions directing the processor to: receive a signed group element (g^a||g^b) and a group element g^b from the second device; verify the signed group element (g^a||g^b) using a verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device; when the signed group element (g^a||g^b) passes verification, compute a first shared secret k_ij according to the group element a and the group element g^b, compute a first key vk_i by providing the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function; generate the common session key SK by providing the first shared secret k_ij to the key derivation function; and transmit the first authentication data Ad_i to the second device.
According to a twentieth aspect of the invention, a method of generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme. The method comprises: the second device receiving instructions from a second security server to compute a private key sk_j according to a second set of parameters received from the second security server and a random number r_j1 generated by the second device, wherein the second security server generates the second set of parameters according to a second random number r_j2 generated by the second security server, a second set of components comprising the first random number r_j1, a master secret key x_j, and parameters associated with a master public key mpk_j, and wherein the second device generates the second set of components and transmits it to the second security server; transmitting the identity id_i of the first device, a group element g^a, and a signed group element g^a to the second device; verifying the signed group element g^a using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed group element g^a passes verification, signing a group element (g^a||g^b) using the identity-based self-certified signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and transmitting the signed group element (g^a||g^b) and the group element g^b to the first device.
With reference to the twentieth aspect, according to an embodiment of the invention, the method further comprises: receiving first authentication data Ad_i from the first device; computing a second shared secret k_ji according to the group element g^a and the group element b; computing a second key vk_j by providing the second shared secret k_ji to a key derivation function; computing second authentication data Ad_j by providing the key vk_j to an authentication data derivation function; determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and, when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
According to a twenty-first aspect of the invention, a second device for generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device and the second device participating in an identity-based self-certified signature scheme. The second device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to: receive instructions from a second security server to compute a private key sk_j according to a second set of parameters received from the second security server and a random number r_j1 generated by the second device, wherein the second security server generates the second set of parameters according to a second random number r_j2 generated by the second security server, a second set of components comprising the first random number r_j1, a master secret key x_j, and parameters associated with a master public key mpk_j, and wherein the second device generates the second set of components and transmits it to the second security server; transmit the identity id_i of the first device, a group element g^a, and a signed group element g^a to the second device; verify the signed group element g^a using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device; when the signed group element g^a passes verification, sign a group element (g^a||g^b) using the identity-based self-certified signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and transmit the signed group element (g^a||g^b) and the group element g^b to the first device.
With reference to the twenty-first aspect, according to an embodiment of the invention, the instructions comprise instructions directing the processor to: receive first authentication data Ad_i from the first device; compute a second shared secret k_ji according to the group element g^a and the group element g^b; compute a second key vk_j by providing the second shared secret k_ji to a key derivation function; compute second authentication data Ad_j by providing the key vk_j to an authentication data derivation function; determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and, when the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by providing the second shared secret k_ji to the key derivation function.
According to a twenty-second aspect of the invention, a method of generating a common session key SK is provided, the common session key SK being used to encode digital communications between a first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol. The method comprises: the first device receiving instructions from a security server to compute a private key sk_i according to a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters according to a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and communicating with the second device to generate the common session key SK for the TLS protocol or the DTLS protocol using an identity-based self-certified signature scheme, wherein the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, the identity-based self-certified signature scheme is determined by sk_j and sk_i, and sk_j is the private key computed by the second device.
According to a twenty-third aspect of the present invention, there is provided a first device for generating a common session key SK, the common session key SK being used to encode digital communication between the first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol. The first device comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that cause the processor to perform the following operations: receive, from a security server, instructions for the following operation: computing a private key $sk_i$ from a first set of parameters received from the security server and a random number $r_{i1}$ generated by the first device, wherein the security server generates the first set of parameters from a second random number $r_{i2}$ generated by the security server, a first group component including the first random number $r_{i1}$, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first group component and transmits it to the security server; and communicate with the second device to generate the common session key SK for the TLS protocol or the DTLS protocol using an identity-based self-certified signature scheme, wherein the identity $id_i$ of the first device is included in the certificate message of the first device, the identity $id_j$ of the second device is included in the certificate message of the second device, and the identity-based self-certified signature scheme is determined by $sk_j$ and $sk_i$, $sk_j$ being the private key computed for the second device.
According to a twenty-fourth aspect of the present invention, there is provided a method of generating a common session key SK, the common session key SK being used to encode digital communication between a first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol. The method comprises: a security server using an identity-based self-certified signature scheme to generate a private key $sk_i$ for the first device from the identity $id_i$ of the first device and a private key $sk_j$ for the second device from the identity $id_j$ of the second device; and transmitting the private key $sk_i$ to the first device and the private key $sk_j$ to the second device, so that the first and second devices use the same identity-based self-certified signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, wherein the identity $id_i$ of the first device is included in the certificate message of the first device, the identity $id_j$ of the second device is included in the certificate message of the second device, and the identity-based self-certified signature scheme is determined by $sk_j$ and $sk_i$.
According to a twenty-fifth aspect of the present invention, there is provided a security server for generating a common session key SK, the common session key SK being used to encode digital communication between a first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol. The security server comprises: a processor; and a non-transitory medium readable by the processor, the medium storing instructions that cause the processor to perform the following operations: using an identity-based self-certified signature scheme, generate a private key $sk_i$ for the first device from the identity $id_i$ of the first device and a private key $sk_j$ for the second device from the identity $id_j$ of the second device; and transmit the private key $sk_i$ to the first device and the private key $sk_j$ to the second device, so that the first and second devices use the same identity-based self-certified signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, wherein the identity $id_i$ of the first device is included in the certificate message of the first device, the identity $id_j$ of the second device is included in the certificate message of the second device, and the identity-based self-certified signature scheme is determined by $sk_j$ and $sk_i$.
Detailed description of the invention
The above advantages and features of the present invention are described in the following detailed description and shown in the following figures:
Fig. 1 is a block diagram of a system for authenticating an entity pair and generating a common session key for the authenticated entity pair, according to an embodiment of the present invention.
Fig. 2 is a block diagram of the components of an electronic device or server for implementing embodiments, according to an embodiment of the present invention.
Fig. 3 is a timing diagram for generating a private key sk for a device in an identity-based self-certified signature scheme, according to an embodiment of the present invention.
Fig. 4 is a timing diagram for authenticating an entity pair and generating a common session key for the authenticated entity pair, according to an embodiment of the present invention.
Fig. 5 is a flowchart of a process for verifying the authenticity of a second entity and generating a common session key, according to an embodiment of the present invention.
Specific embodiment
The present invention relates to a system and method for generating private keys for devices participating in an identity-based self-certified signature scheme, where the devices use the private keys to create a common session key for encoding digital communication between devices. Specifically, a private key generated by the system and method of the invention is known only to the device itself and to no third party.
In addition, before the common session key is computed, the entity pair or device pair first verifies the authenticity of each entity or device. Once each entity has been authenticated, the pair generates a common session key, which is used to encode digital communication between the entities.
Fig. 1 is a block diagram of an entity-pair authentication and common session key generation system according to an embodiment of the present invention. Those skilled in the art will recognize that the terms "entity" and "device" may be used interchangeably in this specification without departing from the invention.
The system shown in Fig. 1 includes devices or entities 105 and 110 wirelessly connected to a security server 120. Entities 105 and 110 each include, but are not limited to, any device capable of wireless communication, such as a smartphone, tablet computer, mobile computer, notebook, wearable electronics such as a smartwatch, a smart plug, or a transceiver found in smart devices or in devices that support the Internet of Things (IoT).
Security server 120 may be a secure cloud server or a remote security server that communicates wirelessly with entities 105 and 110, either over the Internet 115 or directly. When server 120 communicates with entities 105 and 110 over the Internet 115, it may do so through a wired network or a wireless network 125, including but not limited to a cellular network, satellite network, telecommunication network or wide area network (WAN). Alternatively, when server 120 communicates directly with entities 105 and 110, it may do so through a wireless network 130, including but not limited to Wireless Fidelity (Wi-Fi), Bluetooth or Near Field Communication (NFC). Note that entities 105 and 110 may use wireless network 125 (over the Internet) or wireless network 130 (direct communication) to exchange data messages with each other.
Fig. 2 is a block diagram of the components of an electronic device 200 provided in entities 105 and 110 and in server 120 for implementing embodiments, according to an embodiment of the present invention. Those skilled in the art will recognize that the exact configuration of each electronic device provided in an entity or server may differ, that the exact configuration of electronic device 200 may differ, and that Fig. 2 is provided by way of example only.
In an embodiment of the invention, device 200 includes a controller 201 and a user interface 202. User interface 202 supports manual interaction between a user and electronic device 200 and, to that end, includes the input/output components needed for a user to enter instructions to control electronic device 200. Those skilled in the art will recognize that the components of user interface 202 may vary between embodiments but generally include one or more of a display 240, a keyboard 235 and a track pad 236.
Controller 201 is in data communication with user interface 202 over bus 215 and includes memory 220, a central processing unit (CPU) 205 mounted on a circuit board that processes instructions and data to perform the method of this embodiment, an operating system 206, an input/output (I/O) interface 230 for communicating with user interface 202, and a communication interface, in this embodiment in the form of a network card 250. Network card 250 may be used, for example, to send data from electronic device 200 to other processing devices over a wired or wireless network, or to receive data over a wired or wireless network. Wireless networks that network card 250 may use include, but are not limited to, Wireless Fidelity (Wi-Fi), Bluetooth, Near Field Communication (NFC), cellular networks, satellite networks, telecommunication networks and wide area networks (WAN).
Memory 220 and operating system 206 are in data communication with CPU 205 over bus 210. The memory components include volatile and non-volatile memory and more than one of the following types of memory: random access memory (RAM) 220, read-only memory (ROM) 225 and mass storage device 245, and also include one or more solid-state drives (SSD). Memory 220 also includes secure storage 246 for securely storing secret keys or private keys. Note that the contents of secure storage 246 can be accessed only by a superuser or administrator of device 200 and cannot be accessed by any user of device 200. Those skilled in the art will recognize that the memory components described above comprise non-transitory computer-readable media and are intended to cover all computer-readable media other than transitory propagating signals. Instructions are typically stored in the memory components as program code but may also be hardwired. Memory 220 may include a kernel and/or programming modules, such as software applications that may be stored in volatile or non-volatile memory.
The term "CPU" is used herein to refer to any device or component that can process such instructions, and may include a microprocessor, microcontroller, programmable logic device or other computing device. That is, CPU 205 may be provided by any suitable logic circuitry for receiving inputs, processing them according to instructions stored in memory, and generating outputs (for example, to the memory components or on display 240). In this embodiment, CPU 205 may be a single-core or multi-core processor with addressable memory space. In one example, CPU 205 may be a multi-core CPU, such as an 8-core CPU.
Generating the private key
Returning to Fig. 1, before entities 105 and 110 are added to the entity-pair authentication and common session key generation system according to an embodiment of the invention, server 120, which is configured as a key generation centre, first runs a setup procedure for a discrete-logarithm-type signature scheme to generate a master secret key "x" and a master public key "y". In the setup procedure, server 120 first determines a cyclic group G of prime order q and a suitable generator g of G. In embodiments of the invention, the cyclic group G is based on a finite field or on an elliptic curve defined over a finite field.
Server 120 then selects a cryptographic collision-resistant hash function H, parameterised by an appropriate integer known to those skilled in the art. Server 120 also selects the authentication data deriving function and the key deriving function to be used in the system. In embodiments of the invention, the authentication data deriving function (AdDF) may be any algorithm or scheme for verifying message authenticity, such as a message authentication code (MAC), a message integrity code or a keyed hash function, and the key deriving function (KDF) may be any scheme for deriving a secret key from a secret, such as a collision-resistant hash function.
Once these selections are made, server 120 selects the master secret key "x" from the permitted set of integers, sets $y = g^x$, and sets the master public key "mpk" to mpk = {G, g, q, y, H, AdDF, KDF}.
Note that the setup procedure above is similar to the setup procedure of a discrete-logarithm-type identity-based self-certified signature scheme; such schemes include, but are not limited to, the lightweight identity-based signature scheme defined in ISO/IEC 29192-4 and the elliptic-curve-based certificateless signature scheme defined in IETF RFC 6507. In such a scheme, a signature generated by a particular user always contains a fixed component specific to that user's private signing key or private key. This fixed component is referred to in the present invention as key-specific data (KSD), and the KSD can be used to verify the generated signature. For purposes of illustration, all embodiments below use the identity-based signature scheme defined in ISO/IEC 29192-4; however, those skilled in the art can readily apply the system and method, with appropriate changes, to other identity-based self-certified signature schemes, such as the scheme specified in IETF RFC 6507.
When entity 105 or 110 joins the system, security server 120, acting as the key generation centre, issues each entity its own private key. Once generated, each private key is delivered to its entity and is then stored in secure memory inside entity 105 or 110. Fig. 3 shows private key generation for entity 105. Specifically, when entity 105 registers with server 120, at step 305 entity 105 first generates a random number $r_{i1}$, a non-zero residue modulo $q$. Entity 105 then uses the random number $r_{i1}$ to compute the arbitrary value $R_{i1}$. At step 310, entity 105 sends the arbitrary value $R_{i1}$ and its identity $id_i$ to server 120. The identity $id_i$ of entity 105 may be its user name, e-mail address, telephone number, IP address, MAC address, or any alphanumeric string that uniquely identifies entity 105.
At step 315, server 120 receives the arbitrary value $R_{i1}$ and the identity $id_i$ of entity 105. Server 120 then selects a random number $r_{i2}$, a non-zero residue modulo $q$. From the selected random number $r_{i2}$ and the information received, server 120 computes the arbitrary value $R_i$ that will be supplied to entity 105 and computes the integer $s_{i1}$ as $s_{i1} = r_{i2} + xH(R_i, id_i) \pmod q$ or $s_{i1} = -r_{i2} + xH(R_i, id_i) \pmod q$, where x is the previously generated master secret key "x" and H() is the hash function included in the parameters of mpk.
Then, at step 320, server 120 transmits the arbitrary value $R_i$ and the integer $s_{i1}$ to entity 105. On receiving this information, entity 105 computes, at step 325, the integer $s_i$ as $s_i = s_{i1} + r_{i1} \pmod q$. Entity 105 then sets its private key $sk_i$ to $sk_i = (R_i, s_i)$.
In an alternative embodiment of the invention, at step 315, from the selected random number $r_{i2}$ and the information received in that step, server 120 computes the arbitrary value $R_i$ that will be supplied to entity 105 and computes the integer $s_{i1}$ as $s_{i1} = r_{i2} + xH(R_i, id_i) \pmod q$, where x is the previously generated master secret key "x" and H() is the hash function included in the parameters of mpk.
Then, at step 320, server 120 transmits the arbitrary value $R_i$ and the integer $s_{i1}$ to entity 105. On receiving this information, entity 105 computes, at step 325, the integer $s_i$ as $s_i = s_{i1} - r_{i1} \pmod q$. Entity 105 then sets its private key $sk_i$ to $sk_i = (R_i, s_i)$.
In yet another embodiment, when entity 105 registers with server 120, at step 305 entity 105 first generates a random number $r_{i1}$, a non-zero residue modulo $q$. Entity 105 then uses the random number $r_{i1}$ to compute the arbitrary value $R_{i1}$. In addition, entity 105 computes the homomorphically encrypted value c as $c = \text{HEnc}(r_{i1}^{-1} \bmod q)$, where HEnc() denotes an additively homomorphic encryption function and HDec() denotes the corresponding decryption function. In embodiments of the invention, the additively homomorphic encryption/decryption functions are based on the Paillier cryptosystem, where $\text{HEnc}(m_1)\cdot \text{HEnc}(m_2) = \text{HEnc}(m_1+m_2)$, and
At step 310, entity 105 sends the arbitrary value $R_{i1}$, its identity $id_i$, the generated homomorphically encrypted value c and the additively homomorphic encryption function to server 120. Again, the identity $id_i$ of entity 105 may be its user name, e-mail address, telephone number, IP address, MAC address, or any alphanumeric string that uniquely identifies entity 105.
At step 315, server 120 receives the homomorphically encrypted value c, the arbitrary value $R_{i1}$ and the identity $id_i$ of entity 105. Server 120 then selects a random number $r_{i2}$, a non-zero residue modulo $q$. From the selected random number $r_{i2}$ and the information received, server 120 computes the arbitrary value $R_i$ that will be supplied to entity 105 and computes the integer $s_{i1}$, where x is the previously generated master secret key "x" and H() is the hash function included in the parameters of mpk. The integer $s_{i1}$ can be expanded to $s_{i1} = \text{HEnc}(r_{i2} + r_{i1}^{-1}\, x H(R_i, id_i) \bmod q)$.
Then, at step 320, server 120 transmits the arbitrary value $R_i$ and the integer $s_{i1}$ to entity 105. On receiving this information, entity 105 computes, at step 325, the integer $s_i$ as $s_i = r_{i1}\,\text{HDec}(s_{i1}) = r_{i1} r_{i2} + xH(R_i, id_i) \pmod q$. Entity 105 then sets its private key $sk_i$ to $sk_i = (R_i, s_i)$.
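The Paillier-based issuance just described, as an added Python example that is not code from the patent: the key generation centre works only on the ciphertext of $r_{i1}^{-1}$, and the device unblinds the result and checks it. Assumptions: $R_{i1} = g^{r_{i1}}$ and $R_i = R_{i1}^{r_{i2}}$ (neither expression is given in this text), textbook Paillier with constructed toy primes, SHA-256 standing in for H, and a constructed toy group.

```python
import hashlib
import math
import secrets

# Constructed toy parameters, far too small for real use.
P, Q, G = 2039, 1019, 4          # group: p = 2q + 1, g has prime order q
PA, PB = 10007, 10009            # the device's Paillier primes, n = PA * PB

def H(R, identity):
    """H(R, id) reduced into Z_q; SHA-256 is a stand-in for the scheme's hash."""
    return int.from_bytes(hashlib.sha256(f"{R}|{identity}".encode()).digest(), "big") % Q

def paillier_keygen():
    """Return the public modulus n and the private pair (phi, phi^-1 mod n)."""
    n, phi = PA * PB, (PA - 1) * (PB - 1)
    return n, (phi, pow(phi, -1, n))

def henc(n, m):
    """HEnc(m) = (1 + n)^m * r^n mod n^2, with r chosen coprime to n."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return (pow(1 + n, m, n * n) * pow(r, n, n * n)) % (n * n)

def hdec(n, priv, c):
    """HDec(c): L(c^phi mod n^2) * phi^-1 mod n, where L(u) = (u - 1) // n."""
    phi, mu = priv
    return ((pow(c, phi, n * n) - 1) // n * mu) % n

def device_commit(n):
    """Step 305: keep r_i1; send R_i1 and c = HEnc(r_i1^-1 mod q)."""
    r_i1 = secrets.randbelow(Q - 1) + 1
    return r_i1, pow(G, r_i1, P), henc(n, pow(r_i1, -1, Q))

def kgc_issue(x, n, R_i1, c, identity):
    """Step 315: s_i1 = HEnc(r_i2) * c^(x*H) = HEnc(r_i2 + r_i1^-1 * x * H).
    Assumption: R_i = R_i1^r_i2, so that g^s_i = R_i * y^H(R_i, id_i)."""
    r_i2 = secrets.randbelow(Q - 1) + 1
    R_i = pow(R_i1, r_i2, P)
    t = (x * H(R_i, identity)) % Q
    return R_i, (henc(n, r_i2) * pow(c, t, n * n)) % (n * n)

def device_finish(n, priv, r_i1, R_i, s_i1):
    """Step 325: s_i = r_i1 * HDec(s_i1) mod q = r_i1*r_i2 + x*H (mod q)."""
    return R_i, (r_i1 * hdec(n, priv, s_i1)) % Q

def key_is_valid(y, sk, identity):
    """Device-side check of the issued key against the master public value y."""
    R, s = sk
    return pow(G, s, P) == (R * pow(y, H(R, identity), P)) % P

def run_enrollment(identity="device-i@example"):   # constructed identity
    x = secrets.randbelow(Q - 1) + 1                # master secret key
    y = pow(G, x, P)                                # master public value
    n, priv = paillier_keygen()
    r_i1, R_i1, c = device_commit(n)
    R_i, s_i1 = kgc_issue(x, n, R_i1, c, identity)
    return y, device_finish(n, priv, r_i1, R_i, s_i1)

if __name__ == "__main__":
    y, sk = run_enrollment()
    print("issued key verifies:", key_is_valid(y, sk, "device-i@example"))
```

The Paillier modulus must exceed $q + q^2$ so that the plaintext $r_{i2} + r_{i1}^{-1} x H$ does not wrap before the device reduces it modulo $q$; the toy primes above satisfy that for $q = 1019$.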
In yet another embodiment, when entity 105 registers with server 120, at step 305 entity 105 first generates a random number $r_{i1}$, a non-zero residue modulo $q$. Entity 105 then uses the random number $r_{i1}$ to compute the arbitrary value $R_{i1}$. In addition, entity 105 computes the homomorphically encrypted value c as $c = \text{HEnc}(r_{i1})$, where HEnc() denotes an additively homomorphic encryption function and HDec() denotes the corresponding decryption function.
Then, at step 310, entity 105 sends the arbitrary value $R_{i1}$, its identity $id_i$ and the generated homomorphically encrypted value c to server 120.
At step 315, server 120 receives the homomorphically encrypted value c, the arbitrary value $R_{i1}$ and the identity $id_i$ of entity 105. Server 120 then selects a random number $r_{i2}$, a non-zero residue modulo $q$. From the selected random number $r_{i2}$ and the information received, server 120 computes the arbitrary value $R_i$ that will be supplied to entity 105 and computes the integer $s_{i1}$, where x is the previously generated master secret key "x" and H() is the hash function included in the parameters of mpk. The integer $s_{i1}$ can be expanded to $s_{i1} = \text{HEnc}(r_{i2} + r_{i1}\cdot xH(R_i, id_i) \bmod q)$.
Then, at step 320, server 120 transmits the arbitrary value $R_i$ and the integer $s_{i1}$ to entity 105. On receiving this information, entity 105 computes, at step 325, the integer $s_i$ as $s_i = r_{i1}^{-1}\,\text{HDec}(s_{i1}) = r_{i2}/r_{i1} + xH(R_i, id_i) \pmod q$. Entity 105 then sets its private key $sk_i$ to $sk_i = (R_i, s_i)$.
In an alternative embodiment of the invention, when entity 105 registers with server 120, at step 305 entity 105 first generates a random number $r_{i1}$, a non-zero residue modulo $q$. Entity 105 then uses the random number $r_{i1}$ to compute the arbitrary value $R_{i1}$. In addition, entity 105 computes the homomorphically encrypted value c as $c = \text{HEnc}(r_{i1}^{-1})$, where HEnc() denotes an additively homomorphic encryption function and HDec() denotes the corresponding decryption function.
Then, at step 310, entity 105 sends the arbitrary value $R_{i1}$, its identity $id_i$ and the generated homomorphically encrypted value c to server 120.
At step 315, server 120 receives the homomorphically encrypted value c, the arbitrary value $R_{i1}$ and the identity $id_i$ of entity 105. Server 120 then selects a random number $r_{i2}$, a non-zero residue modulo $q$. From the selected random number $r_{i2}$ and the information received, server 120 computes the arbitrary value $R_i$ that will be supplied to entity 105 and computes the integer $s_{i1}$, where x is the previously generated master secret key "x" and H() is the hash function included in the parameters of mpk. The integer $s_{i1}$ can be expanded to $s_{i1} = \text{HEnc}(r_{i2}^{-1} + r_{i1}^{-1}\cdot xH(R_i, id_i) \bmod q)$.
Then, at step 320, server 120 transmits the arbitrary value $R_i$ and the integer $s_{i1}$ to entity 105. On receiving this information, entity 105 computes, at step 325, the integer $s_i$ as $s_i = r_{i1}\,\text{HDec}(s_{i1}) = r_{i1}/r_{i2} + xH(R_i, id_i) \pmod q$. Entity 105 then sets its private key $sk_i$ to $sk_i = (R_i, s_i)$.
Note that the private key $sk_i$ generated according to the embodiments above can be computed only by entity 105 itself. In other words, server 120 cannot compute the private key of an entity in the identity-based self-certified signature scheme.
Generating the private key with a zero-knowledge proof
The embodiments above do not escrow a device's private key with the key generation centre. A more general embodiment may require the key generation centre to be able to adjust how difficult key escrow is, the difficulty being determined by a system parameter λ. To make the system controllable in this way, the system parameter λ is introduced to set the length of the random number $r_{i1}$ that entity 105 generates and uses. This embodiment can be applied to any of the preceding embodiments. In this embodiment, a zero-knowledge proof function ZKP() is applied to the random number $r_{i1}$ and the system parameter λ, producing $\text{ZKP}(|r_{i1}|, \lambda)$, which shows in zero knowledge that the length of $r_{i1}$ satisfies $|r_{i1}| \le \lambda$. Since the function ZKP() is known to those skilled in the art, its detailed operation is omitted for brevity. In summary, the function ZKP() uses the random number $r_{i1}$ and the system parameter λ to produce a zero-knowledge proof result. The zero-knowledge proof result is then transmitted, together with $id_i$ and the arbitrary value $R_{i1}$, from entity 105 to server 120.
When server 120 receives the arbitrary value $R_{i1}$, it checks the validity of the zero-knowledge proof result before proceeding. If server 120 determines from the zero-knowledge proof result that the length of $r_{i1}$ is less than or equal to the system parameter λ, system 120 operates normally. Otherwise, system 120 aborts the private key generation process.
Note that steps 305 to 325 described in the embodiments above can also be repeated for other entities, including entity 110, to generate a private key $sk_j$ for entity 110, where $sk_j = (R_j, s_j)$. Those skilled in the art will also recognize that the embodiments above can be applied to any number of devices or entities to generate a private key for each entity in the system.
Generating private keys with cross-domain KGCs
In an alternative embodiment of the invention, another security server (not shown) may be used in place of server 120 to generate the private key $sk_j$ for entity 110, where $sk_j = (R_j, s_j)$. This means that steps 305 to 325 and the embodiments above can be carried out for entity 110 in another security server rather than in server 120. In this cross-domain authenticated key exchange method, security server 120 is used to generate the private signing key for entity 105, and another, separate security server (not shown) is used to generate the private signing key for entity 110. In this embodiment, each security server has its own master secret key "x" and master public key "y".
Once the private keys have been stored in the secure memory of the respective entities, the entity pair, i.e. entities 105 and 110, can start the authentication procedure. After successful authentication, the entity pair goes on to generate a common session key for encoding or signing the digital communications sent to each other.
Static Diffie-Hellman authenticated key exchange protocol
In embodiments of the invention, a static Diffie-Hellman authenticated key exchange protocol is used to generate a common session key between participants 105 and 110. Referring to Fig. 4, entity 105 first initiates the authentication process with entity 110 by selecting a cryptographic nonce $N_i$. The selected nonce may be any random or pseudo-random number. Entity 105 then computes the signed nonce $c_i$, determined by $c_i = \text{SC-IBS.Sign}(sk_i, N_i)$, where SC-IBS.Sign() is the signing function of the identity-based self-certified signature scheme and $sk_i$ is the private key of entity 105 generated by the steps shown in Fig. 3. In other words, the nonce $N_i$ is signed using the function SC-IBS.Sign() and the private key $sk_i$.
Then, at step 405, entity 105 transmits the identity $id_i$ of entity 105, the value of the signed nonce $c_i$ and the pseudo-random number $N_i$ to entity 110.
On receiving the transmitted information, entity 110 verifies $c_i$ using the identity $id_i$ of entity 105 and the verification function/algorithm SC-IBS.Verify() that corresponds to the identity-based self-certified signature scheme. Entity 110 performs the verification by applying the verification function to $c_i$ and the identity $id_i$, producing $\text{SC-IBS.Verify}(id_i, c_i)$. If verification fails, entity 110 aborts the process. Otherwise, having successfully verified the signed nonce $c_i$, entity 110 selects a random number $N_j$ and then signs the nonce $N_j$ as $c_j = \text{SC-IBS.Sign}(sk_j, N_i \,\|\, N_j)$, where $sk_j$ is the private key of entity 110 generated by the steps shown in Fig. 3.
Then, at step 410, entity 110 transmits the value of the signed nonce $c_j$ and the pseudo-random number $N_j$ to entity 105.
On receiving the transmitted information, entity 105 verifies $c_j$ using the identity $id_j$ of entity 110 and the verification function SC-IBS.Verify() that corresponds to the identity-based self-certified signature scheme. Entity 105 performs the verification by applying the verification function to $c_j$ and the identity $id_j$, producing $\text{SC-IBS.Verify}(id_j, c_j)$. If verification fails, entity 110 aborts the process. Otherwise, entity 105 computes the shared secret $k_{ij}$, where $R_j$ is part of $c_j$, computes the first key $vk_i = \text{KDF}(k_{ij})$, and computes the first authentication data $Ad_i = \text{AdDF}(vk_i, N_j)$. After completing this operation, entity 105 computes the common session key SK as $SK = \text{KDF}(k_{ij}, N_i, N_j)$.
Then, at step 415, entity 105 transmits the first authentication data $Ad_i$ to entity 105.
On receiving the first authentication data $Ad_i$, entity 110 computes the shared secret $k_{ji}$, where $R_i$ is part of $c_i$, computes the second key $vk_j = \text{KDF}(k_{ji})$, and computes the second authentication data $Ad_j = \text{AdDF}(vk_j, N_j)$. After completing this operation, entity 105 determines whether the second authentication data $Ad_j$ matches the received first authentication data $Ad_i$. If no match is found, the process aborts. Alternatively, if a match is found, entity 110 computes the common session key SK as $SK = \text{KDF}(k_{ji}, N_i, N_j)$.
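The key issuance of steps 305 to 325 (first embodiment) followed by the static Diffie-Hellman exchange described above, end to end, as an added Python example that is not code from the patent. The expressions for $R_{i1}$, $R_i$ and $k_{ij}$ are not given in this text, so the example assumes $R_{i1} = g^{r_{i1}}$, $R_i = R_{i1}\cdot g^{r_{i2}}$ and $k_{ij} = (R_j \cdot y^{H(R_j, id_j)})^{s_i}$; the toy group, SHA-256 as H and KDF, HMAC-SHA-256 as AdDF and the identities are also assumptions, and the SC-IBS signatures over the nonces are left out.

```python
import hashlib
import hmac
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1, g has prime order q.
P, Q, G = 2039, 1019, 4

def H(R, identity):
    """H(R, id) reduced into Z_q; SHA-256 is a stand-in for the scheme's hash."""
    return int.from_bytes(hashlib.sha256(f"{R}|{identity}".encode()).digest(), "big") % Q

def nonzero_residue():
    return secrets.randbelow(Q - 1) + 1

def kgc_setup():
    """Master secret x and master public value y = g^x."""
    x = nonzero_residue()
    return x, pow(G, x, P)

def device_commit():
    """Step 305: the device keeps r_i1 and sends R_i1 (assumed to be g^r_i1)."""
    r_i1 = nonzero_residue()
    return r_i1, pow(G, r_i1, P)

def kgc_issue(x, R_i1, identity):
    """Step 315: the KGC returns (R_i, s_i1) and never sees r_i1.
    Assumption: R_i = R_i1 * g^r_i2, matching s_i1 = r_i2 + x*H(R_i, id_i)."""
    r_i2 = nonzero_residue()
    R_i = (R_i1 * pow(G, r_i2, P)) % P
    return R_i, (r_i2 + x * H(R_i, identity)) % Q

def device_finish(r_i1, R_i, s_i1):
    """Step 325: s_i = s_i1 + r_i1 (mod q), sk_i = (R_i, s_i)."""
    return R_i, (s_i1 + r_i1) % Q

def implied_public(y, R, identity):
    """What a peer derives from (id, R) alone: R * y^H(R, id), which equals g^s."""
    return (R * pow(y, H(R, identity), P)) % P

def key_is_valid(y, sk, identity):
    """Device-side check that the issued pair is a key for this identity."""
    R, s = sk
    return pow(G, s, P) == implied_public(y, R, identity)

def shared_secret(y, own_sk, peer_id, peer_R):
    """Assumed form of k_ij: (R_j * y^H(R_j, id_j))^s_i = g^(s_i * s_j)."""
    return pow(implied_public(y, peer_R, peer_id), own_sk[1], P)

def kdf(k, *context):
    """Stand-in KDF: SHA-256 over the secret and any context values."""
    return hashlib.sha256(b"|".join([str(k).encode(), *context])).digest()

def addf(vk, nonce):
    """Stand-in AdDF: HMAC-SHA-256 keyed with vk."""
    return hmac.new(vk, nonce, hashlib.sha256).digest()

def enroll(x, identity):
    """Run steps 305 to 325; also return the KGC's view s_i1 for comparison."""
    r_i1, R_i1 = device_commit()
    R_i, s_i1 = kgc_issue(x, R_i1, identity)
    return device_finish(r_i1, R_i, s_i1), s_i1

def run_exchange():
    x, y = kgc_setup()
    id_i, id_j = "device-i@example", "device-j@example"   # constructed identities
    sk_i, share_i = enroll(x, id_i)
    sk_j, _ = enroll(x, id_j)
    N_i, N_j = secrets.token_bytes(16), secrets.token_bytes(16)
    # Entity i: shared secret, authentication data Ad_i, session key.
    k_ij = shared_secret(y, sk_i, id_j, sk_j[0])
    Ad_i = addf(kdf(k_ij), N_j)
    SK_i = kdf(k_ij, N_i, N_j)
    # Entity j: recompute, compare in constant time, derive SK only on a match.
    k_ji = shared_secret(y, sk_j, id_i, sk_i[0])
    ad_match = hmac.compare_digest(addf(kdf(k_ji), N_j), Ad_i)
    SK_j = kdf(k_ji, N_i, N_j) if ad_match else None
    return {
        "keys_valid": key_is_valid(y, sk_i, id_i) and key_is_valid(y, sk_j, id_j),
        "kgc_share_differs": share_i != sk_i[1],
        "secrets_equal": k_ij == k_ji,
        "ad_match": ad_match,
        "session_keys_equal": SK_j is not None and SK_i == SK_j,
    }

if __name__ == "__main__":
    print(run_exchange())
```

The `kgc_share_differs` result shows why the key generation centre cannot use the key it helped issue: it holds $s_{i1}$, while the device's $s_i$ is offset by $r_{i1}$, which the centre only ever sees as $R_{i1}$.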
In another embodiment of the static Diffie-Hellman authenticated key exchange protocol, option fields op_f1, op_f2, op_f3, op_f4, op_f5, op_f6 and op_f7 are used; where applicable, these fields may contain the identities of system entities or any application-specific data determined by the entities themselves.
Referring to Fig. 4, entity 105 first initiates the authentication process with entity 110 by selecting a cryptographic nonce $N_i$. Entity 105 then computes the signed nonce $c_i$, determined by $c_i = \text{SC-IBS.Sign}(sk_i, N_i \,\|\, \text{op\_f1})$, where SC-IBS.Sign() is the signing function of the identity-based self-certified signature scheme and $sk_i$ is the private key of entity 105 generated by the steps shown in Fig. 3. In other words, the nonce $N_i$ is signed using the function SC-IBS.Sign() and the private key $sk_i$.
Then, at step 405, entity 105 transmits the option field op_f2, the identity $id_i$ of entity 105, the value of the signed nonce $c_i$ and the pseudo-random number $N_i$ to entity 110.
On receiving the transmitted information, entity 110 verifies $c_i$ using the identity $id_i$ of entity 105 and the verification function SC-IBS.Verify() that corresponds to the identity-based self-certified signature scheme. Entity 110 performs the verification by applying the verification function to $c_i$ and the identity $id_i$, producing $\text{SC-IBS.Verify}(id_i, c_i)$. If verification fails, entity 110 aborts the process. Otherwise, having successfully verified the signed nonce $c_i$, entity 110 selects a random number $N_j$ and then signs the nonce $N_j$ as $c_j = \text{SC-IBS.Sign}(sk_j, N_i \,\|\, N_j \,\|\, \text{op\_f3})$, where $sk_j$ is the private key of entity 110 generated by the steps shown in Fig. 3.
Then, at step 410, entity 110 transmits the option field op_f4, the value of the signed nonce $c_j$ and the pseudo-random number $N_j$ to entity 105.
On receiving the transmitted information, entity 105 verifies $c_j$ using the identity $id_j$ of entity 110 and the verification function SC-IBS.Verify() that corresponds to the identity-based self-certified signature scheme. Entity 105 performs the verification by applying the verification function to $c_j$ and the identity $id_j$, producing $\text{SC-IBS.Verify}(id_j, c_j)$. If verification fails, entity 110 aborts the process. Otherwise, entity 105 computes the shared secret $k_{ji}$, computes the first key $vk_i = \text{KDF}(k_{ji}, \text{op\_f5})$, and computes the first authentication data $Ad_i = \text{AdDF}(vk_i, N_j, \text{op\_f6})$. After completing this operation, entity 105 computes the common session key SK as $SK = \text{KDF}(k_{ji}, N_i, N_j, \text{op\_f7})$.
Then, at step 415, entity 105 transmits the first authentication data $Ad_i$ to entity 110.
On receiving the first authentication data $Ad_i$, entity 110 computes the shared secret $k_{ji}$, computes the second key $vk_j = \text{KDF}(k_{ji}, \text{op\_f5})$, and computes the second authentication data $Ad_j = \text{AdDF}(vk_j, N_j, \text{op\_f6})$. After completing this operation, entity 105 determines whether the second authentication data $Ad_j$ matches the received first authentication data $Ad_i$. If no match is found, the process aborts. Alternatively, if a match is found, entity 110 computes the common session key SK as $SK = \text{KDF}(k_{ji}, N_i, N_j, \text{op\_f7})$.
In still another embodiment of the process, in above-mentioned steps, cryptographic random number NiAnd NjIt can be by interim Diffie Hellman (Diffie-Hellman, DH) common value gaAnd gbInstead of kijAnd kjiPass through gsi·sjAnd gabThe two obtains.This reality All features that interim DH agreement is inherited in regular meeting are applied, and safer.
Extending the static Diffie-Hellman authenticated key exchange protocol to TLS
In yet another embodiment of the invention, the idea of the static Diffie-Hellman key exchange described above can be extended to Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS). Specifically, the step of generating the shared secret k_ij (and k_ji) between entity 105 and entity 110 is in fact the same in spirit as the static DH cipher suites included in TLS v1.2. A person skilled in the art can therefore readily extend conventional TLS, such as TLS v1.2, to include a set of static DH cipher suites based on the self-certified IBS described above. In this embodiment of the invention, the server certificate message in the TLS protocol is set to the id_j of entity 110 and its key specific data R_j, and the client message in the TLS protocol is set to the id_i of entity 105 and its key specific data R_i. The other steps and operations of the TLS protocol follow the TLS specification, with the straightforward changes required by the use of identity-based self-certified signatures.
Ephemeral Diffie-Hellman (DH) authenticated key exchange protocol
In yet another embodiment of the invention, an ephemeral Diffie-Hellman (DH) authenticated key exchange protocol is used to generate the common session key between participants 105 and 110. Entities 105 and 110 each hold a private key corresponding to the self-certified IBS scheme of ISO/IEC 29192-4 or IETF RFC 6507.
Referring to Fig. 4, entity 105 initiates the authentication process with entity 110 by first selecting a random value a and computing the signed value c_i, where c_i = SC-IBS.Sign(sk_i, g^a), SC-IBS.Sign() is the signing function of the identity-based self-certified signature scheme, sk_i is the private key of entity 105 generated by the steps shown in Fig. 3, and g^a is a group element. In other words, the group element g^a is signed using the function SC-IBS.Sign() and the private key sk_i.
Then, at step 405, entity 105 transmits the identity id_i of entity 105, the signed value c_i and the group element g^a to entity 110.
On receiving the transmitted information, entity 110 verifies c_i using the verification function SC-IBS.Verify() corresponding to the identity-based self-certified signature scheme and the identity id_i of entity 105. Entity 110 performs the verification by applying the verification function to c_i and the identity id_i, that is, by evaluating SC-IBS.Verify(id_i, c_i). If verification fails, entity 110 aborts the process. Otherwise, once c_i has been successfully verified, entity 110 selects a random value b and goes on to compute c_j = SC-IBS.Sign(sk_j, g^a || g^b), where sk_j is the private key of entity 110 generated by the steps shown in Fig. 3.
Then, at step 410, entity 110 transmits the signed group element c_j and the group element g^b to entity 105.
On receiving the transmitted information, entity 105 verifies c_j using the verification function SC-IBS.Verify() corresponding to the identity-based self-certified signature scheme and the identity id_j of entity 110. Entity 105 performs the verification by applying the verification function to c_j and the identity id_j, that is, by evaluating SC-IBS.Verify(id_j, c_j). If verification fails, entity 105 aborts the process. Otherwise, entity 105 computes the shared secret k_ij, where k_ij = a·b, computes the first key vk_i = KDF(k_ij), and computes the first authentication data Ad_i = AdDF(vk_i). Having done so, entity 105 computes the common session key SK as SK = KDF(k_ij).
Then, at step 415, entity 105 transmits the first authentication data Ad_i to entity 110.
On receiving the first authentication data Ad_i, entity 110 computes the shared secret k_ji, where k_ji = a·b, computes the second key vk_j = KDF(k_ji), and computes the second authentication data Ad_j = AdDF(vk_j). Having done so, entity 110 determines whether the second authentication data Ad_j matches the received first authentication data Ad_i. If no match is found, the process aborts. If a match is found, entity 110 computes the common session key SK as SK = KDF(k_ji).
Ephemeral DH authenticated key exchange protocol with cross-domain KGCs
In another embodiment of the ephemeral Diffie-Hellman authenticated key exchange protocol, the key generation centres of entities 105 and 110 belong to different domains (that is, the two key generation centres each have their own master secret key and master public key). In this embodiment, before the identity id_i of entity 105, the signed value c_i and the group element g^a are transmitted to entity 110 at step 405, entity 105 shares the master public key of its key generation centre with entity 110 and, likewise, entity 110 shares the master public key of its key generation centre with entity 105. In addition, entity 105 and entity 110 may negotiate the generator g of the appropriate finite-field group to be used. In any case, the master public keys that the two entities will use must be known to each other, and g must be determined before step 405, so that entities 105 and 110 can then verify each other's signatures and carry out the ephemeral Diffie-Hellman key exchange. Steps 410 to 415 are then executed as described above.
Extending the ephemeral DH authenticated key exchange protocol to the TLS protocol
In yet another embodiment of the invention, the above idea can be used to extend Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS). Specifically, on the basis of the identity-based self-certified signature scheme, the above steps can be adapted to the TLS protocol between entity 105 and entity 110. In this embodiment of the invention, the self-certified IBS scheme replaces the DSS/ECDSA or RSA digital signature scheme in the conventional TLS handshake protocol. In addition, the server certificate message and the client message in the TLS protocol are set to the identity id_j of entity 110 and the identity id_i of entity 105 respectively, and the key specific data (KSD) of entity 110 and entity 105 form part of the respective entity's signature. The other steps and operations of the TLS protocol follow the TLS specification, with the straightforward changes required by the use of identity-based self-certified signatures. In this embodiment of the invention, the private key sk_i of entity 105 and the private key sk_j of entity 110 may be generated according to any of the private key generation embodiments described above, the key generation process of existing self-certified IBS schemes such as ISO/IEC 29192-4 and IETF RFC 6507, or the embodiment described above in which private keys are generated by cross-domain KGCs.
In another embodiment of the ephemeral Diffie-Hellman authenticated key exchange protocol, optional fields op_f1, op_f2, op_f3, op_f4, op_f5, op_f6 and op_f7 are used; where applicable, these fields may contain the identities of system entities or any application-specific data determined by the entities themselves.
Referring to Fig. 4, entity 105 initiates the authentication process with entity 110 by first selecting a random value a and computing the signed group element c_i, where c_i = SC-IBS.Sign(sk_i, g^a || op_f1), SC-IBS.Sign() is the signing function of the identity-based self-certified signature scheme, sk_i is the private key of entity 105 generated by the steps shown in Fig. 3, and g^a is a group element. In other words, the group element g^a is signed using the function SC-IBS.Sign() and the private key sk_i.
Then, at step 405, entity 105 transmits the optional field op_f2, the identity id_i of entity 105, the signed value c_i and the group element g^a to entity 110.
On receiving the transmitted information, entity 110 verifies c_i using the verification function SC-IBS.Verify() corresponding to the identity-based self-certified signature scheme and the identity id_i of entity 105. Entity 110 performs the verification by applying the verification function to c_i and the identity id_i, that is, by evaluating SC-IBS.Verify(id_i, c_i). If verification fails, entity 110 aborts the process. Otherwise, once the signed cryptographic nonce c_i has been successfully verified, entity 110 selects a random value b and goes on to compute c_j = SC-IBS.Sign(sk_j, g^a || g^b || op_f3), where sk_j is the private key of entity 110 generated by the steps shown in Fig. 3.
Then, at step 410, entity 110 transmits the optional field op_f4, the signed value c_j and the group element g^b to entity 105.
On receiving the transmitted information, entity 105 verifies c_j using the verification function SC-IBS.Verify() corresponding to the identity-based self-certified signature scheme and the identity id_j of entity 110. Entity 105 performs the verification by applying the verification function to c_j and the identity id_j, that is, by evaluating SC-IBS.Verify(id_j, c_j). If verification fails, entity 110 aborts the process. Otherwise, entity 105 computes the shared secret k_ij, where k_ij = a·b, computes the first key vk_i = KDF(k_ij, op_f5), and computes the first authentication data Ad_i = AdDF(vk_i, op_f6). Having done so, entity 105 computes the common session key SK as SK = KDF(k_ij, op_f7).
Then, at step 415, entity 105 transmits the first authentication data Ad_i to entity 110.
On receiving the first authentication data Ad_i, entity 110 computes the shared secret k_ji, where k_ji = a·b, computes the second key vk_j = KDF(k_ji, op_f5), and computes the second authentication data Ad_j = AdDF(vk_j, op_f6). Having done so, entity 110 determines whether the second authentication data Ad_j matches the received first authentication data Ad_i. If no match is found, the process aborts. If a match is found, entity 110 computes the common session key SK as SK = KDF(k_ij, op_f7).
According to an embodiment of the invention, a method of generating a private key sk for a device participating in an identity-based self-certified signature scheme comprises the following three steps:
Step 1: the security server computes parameters for the device based on a second random number r_i2 generated by the security server, a first set of components received from the device, the master secret key x, and the parameters associated with the master public key mpk, where the first set of components includes a first random number r_i1 generated by the device;
Step 2: the security server transmits the computed parameters to the device; and
Step 3: the device computes the private key sk based on the received computed parameters and the random number r_i1.
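The three-step split key generation above and the ephemeral DH exchange with optional fields (steps 405 to 415), as an added Python example that is not code from the patent; it uses the relations s_i1 = r_i2 + x·H(R_i, id_i) mod q and s_i = s_i1 + r_i1 mod q stated in the claims. Assumptions: a demo-sized Schnorr group built at import time, R_i1 = g^r_i1 and R_i = R_i1·g^r_i2, a Schnorr-type signature standing in for SC-IBS.Sign/Verify, HMAC-SHA256 as KDF and AdDF, the DH shared secret g^(ab), and every function name.

```python
import hashlib, hmac, secrets

def _is_probable_prime(n):
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # Miller-Rabin bases
    for sp in bases:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Demo-sized Schnorr group constructed for this example (not a production parameter set).
Q = 2**127 - 1                      # prime order q of the subgroup
K = next(k for k in range(2, 10**6, 2) if _is_probable_prime(k * Q + 1))
P = K * Q + 1                       # field prime p = K*q + 1
G = next(g for g in (pow(h, K, P) for h in range(2, 100)) if g != 1)  # order-q generator
OP_F1, OP_F3, OP_F5, OP_F6, OP_F7 = b"op_f1", b"op_f3", b"op_f5", b"op_f6", b"op_f7"

def enc(n):
    return n.to_bytes((P.bit_length() + 7) // 8, "big")   # fixed width, so a||b is unambiguous

def H(*parts):
    """Hash ints/str/bytes (length-prefixed) to an integer mod q."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1

def kgc_setup():
    x = rand_scalar()                # master secret key x
    return x, pow(G, x, P)           # master public key y = g^x

def kgc_issue(x, R_i1, ident):
    """Step 1 (server): ASSUMED R_i = R_i1 * g^r_i2; s_i1 = r_i2 + x*H(R_i, id_i) mod q."""
    r_i2 = rand_scalar()
    R_i = (R_i1 * pow(G, r_i2, P)) % P
    return R_i, (r_i2 + x * H(R_i, ident)) % Q

def enroll(x, y, ident):
    """Device side of steps 1-3; the server call stands in for the network round trip."""
    r_i1 = rand_scalar()                              # never leaves the device
    R_i, s_i1 = kgc_issue(x, pow(G, r_i1, P), ident)  # ASSUMED R_i1 = g^r_i1
    s_i = (s_i1 + r_i1) % Q                           # step 3: s_i = s_i1 + r_i1 mod q
    if pow(G, s_i, P) != (R_i * pow(y, H(R_i, ident), P)) % P:
        raise ValueError("KGC reply does not match the master public key")
    return (R_i, s_i), s_i1

def sign(sk, ident, msg):
    """Schnorr-type signature under s_i with R_i attached (assumed stand-in for SC-IBS.Sign)."""
    R, s = sk
    k = rand_scalar()
    e = H(pow(G, k, P), ident, msg)
    return R, e, (k + e * s) % Q

def verify(y, ident, msg, sig):
    """Needs only the identity and master public key: pk = R * y^H(R, id)."""
    R, e, z = sig
    if pow(R, Q, P) != 1:                # R must lie in the order-q subgroup
        return False
    pk = (R * pow(y, H(R, ident), P)) % P
    T = (pow(G, z, P) * pow(pk, Q - e, P)) % P
    return e == H(T, ident, msg)

def kdf(secret, label):                  # ASSUMED KDF/AdDF: HMAC-SHA256
    return hmac.new(secret, label, hashlib.sha256).digest()

def exchange(y, id_i, sk_i, id_j, sk_j, tamper=False):
    """Steps 405-415; returns (SK_i, SK_j), or None if either side aborts."""
    a = rand_scalar(); ga = pow(G, a, P)
    c_i = sign(sk_i, id_i, enc(ga) + OP_F1)
    ga_rx = (ga * G) % P if tamper else ga          # g^a as received by entity j
    if not verify(y, id_i, enc(ga_rx) + OP_F1, c_i):
        return None                                  # entity j aborts
    b = rand_scalar(); gb = pow(G, b, P)
    c_j = sign(sk_j, id_j, enc(ga_rx) + enc(gb) + OP_F3)
    if not verify(y, id_j, enc(ga) + enc(gb) + OP_F3, c_j):
        return None                                  # entity i aborts
    k_ij = enc(pow(gb, a, P))
    ad_i = kdf(kdf(k_ij, OP_F5), OP_F6)              # Ad_i = AdDF(vk_i, op_f6)
    k_ji = enc(pow(ga_rx, b, P))
    ad_j = kdf(kdf(k_ji, OP_F5), OP_F6)
    if not hmac.compare_digest(ad_i, ad_j):
        return None                                  # authentication data mismatch
    return kdf(k_ij, OP_F7), kdf(k_ji, OP_F7)
```

enroll() returns s_i1 alongside the private key only so that the value the server computed can be compared with the integer s_i the device ends up holding.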
To provide such a system or method, a process is needed for generating secret private keys for the entities of the system and for authenticating the entities of an entity pair before generating a common session key used to encode or sign digital messages between the entity pair. The following description and Figs. 4 to 6 describe embodiments of processes that provide such a process in accordance with the invention. Fig. 5 shows a process 500 performed by a security server configured as a key generation centre, a first entity "i" and a second entity "j"; the process is used to generate secret private keys for the entities of the system and to authenticate the entities of an entity pair before a common session key for encoding or signing digital messages between the entity pair is generated. Process 500 begins at step 505, where the security server generates the master secret key "x" and the master public key "y". When the first entity i registers with the security server, the security server performs the steps shown in Fig. 3 and described above to generate the private key sk_i for the first entity using the identity id_i of the first entity. These operations are all carried out at step 510.
At step 515, when the next entity, namely the second entity j, registers with the security server, the security server performs the steps shown in Fig. 3 and described above to generate the private key sk_j for the second entity using the identity id_j of the second entity.
Then, at step 520, the first and second entities verify the information sent between the two entities using the signing function and the corresponding verification function associated with the identity-based self-certified signature scheme.
Once both entities have been verified, at step 523 the two entities share a secret. This shared secret is then used to generate a common session key for the two entities. The generated common session key can then be used to sign or encode any digital messages exchanged between the first and second entities. Process 500 then ends.
The above is a description of embodiments of the systems and processes according to the invention as set forth in the appended claims. It is envisaged that others may and will design alternatives that fall within the scope of the appended claims.

Claims (75)

1. A system for computing a private key sk for a device participating in an identity-based self-certified signature scheme, characterized in that it comprises:
a security server configured to:
compute parameters for the device based on a second random number r_i2 generated by the security server, a first set of components received from the device, a master secret key x, and parameters associated with a master public key mpk, wherein the first set of components includes a first random number r_i1 generated by the device;
transmit the computed parameters to the device; and
the device, configured to compute the private key sk based on the received computed parameters and the random number r_i1.
2. The system according to claim 1, characterized in that the step of computing the parameters for the device comprises:
retrieving an arbitrary first value R_i1 and the identity id_i of the device from the first set of components, wherein the arbitrary first value R_i1 is generated from the first random number r_i1;
computing an arbitrary value R_i of the device and a first integer s_i1; and
setting the computed arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device,
wherein the arbitrary value R_i of the device is computed from the arbitrary first value R_i1 and the second random number r_i2; and
the first integer s_i1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_i of the device, the identity id_i of the device and a prime number q obtained from the parameters associated with the master public key mpk.
3. The system according to claim 2, characterized in that the step of computing the private key sk comprises:
computing an integer s_i from the first integer s_i1 retrieved from the computed parameters transmitted by the security server, the first random number r_i1 and the prime number q obtained from the parameters associated with the master public key mpk; and
forming the private key sk from the arbitrary value R_i of the device and the integer s_i.
4. system according to claim 2 or 3, which is characterized in that the arbitrary value R of the equipmentiByOrIt determines, any first value Ri1ByIt determines, the first integer si1By si1=ri2+xH (Ri, idi) (mod q) or si1=-ri2+xH(Ri, idi) (mod q) determination, wherein H () is collision resistant hash-function.
5. The system according to claim 4, characterized in that the integer s_i is determined by s_i = s_i1 + r_i1 (mod q).
6. system according to claim 2 or 3, which is characterized in that the arbitrary value R of the equipmentiByReally It is fixed, any first value Ri1ByIt determines, the first integer si1By si1=ri2+xH(Ri, idi) (mod q) true Fixed, wherein H () is collision resistant hash-function.
7. The system according to claim 6, characterized in that the integer s_i is determined by s_i = s_i1 - r_i1 (mod q).
8. The system according to claim 1, characterized in that the step of computing the parameters for the device comprises:
retrieving an arbitrary first value R_i1, the identity id_i of the device and a homomorphic encryption value c from the first set of components, wherein the arbitrary first value R_i1 is generated from the first random number r_i1, and the homomorphic encryption value c is generated by providing the first random number r_i1 and a prime number q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc();
setting an arbitrary value R_i of the device and a first integer s_i1 as the parameters of the device,
wherein the arbitrary value R_i of the device is computed from the arbitrary first value R_i1 and the second random number r_i2; and
the first integer s_i1 is computed by providing the second random number r_i2, the homomorphic encryption value c, the master secret key x, the arbitrary value R_i of the device, the identity id_i of the device and the prime number q to the additive homomorphic encryption function HEnc().
9. The system according to claim 8, characterized in that the step of computing the private key sk comprises:
computing an integer s_i by applying a complementary homomorphic decryption function to the first integer s_i1 retrieved from the computed parameters transmitted by the security server; and
forming the private key sk from the arbitrary value R_i of the device and the integer s_i.
10. system according to claim 8 or claim 9, which is characterized in that the arbitrary value R of the equipmentiByReally It is fixed, any first value Ri1ByIt determines, the homomorphic cryptography value c is by c=HEnc (ri1 -1Mod q) it determines, The first integer si1ByIt determines, wherein HEnc () is additive homomorphism encryption Function.
11. system according to claim 8 or claim 9, which is characterized in that the arbitrary value R of the equipmentiBy It determines, any first value Ri1ByIt determines, the homomorphic cryptography value c is by c=HEnc (ri1 -1) determine, it is described First integer si1ByIt determines, wherein HEnc () is that the additive homomorphism encrypts letter Number.
12. The system according to claim 10 or 11, characterized in that the integer s_i is determined by s_i = r_i1·HDec(s_i1), where HDec() is the complementary homomorphic decryption function.
13. system according to claim 8 or claim 9, which is characterized in that the arbitrary value R of the equipmentiByReally It is fixed, any first value Ri1ByIt determines, the homomorphic cryptography value c is by c=HEnc (ri1) determine, described the One integer si1ByIt determines, wherein HEnc () is the additive homomorphism encryption function.
14. The system according to claim 13, characterized in that the integer s_i is determined by s_i = r_i1^(-1)·HDec(s_i1), where HDec() is the complementary homomorphic decryption function.
15. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme, the system comprising:
a security server configured to instruct:
the first device to compute a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components including the first random number r_i1, a master secret key x and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
the second device to compute a private key sk_j based on a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters based on a second random number r_j2 generated by the security server, a second set of components including the first random number r_j1, the master secret key x and the parameters associated with the master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server;
the first device being configured to:
sign a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, where a is a random number generated by the first device and g is a generator of a cyclic group G;
transmit the identity id_i of the first device, the group element g^a and the signed group element g^a to the second device;
on receiving the transmitted information, the second device being configured to:
verify the signed group element g^a using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device,
when the signed group element g^a passes verification, sign the group element (g^a || g^b) using the identity-based self-certified signature scheme and the private key sk_j, where b is a random number generated by the first device, and
transmit the signed group element (g^a || g^b) and the group element g^b to the first device;
the first device being configured to:
verify the signed group element (g^a || g^b) using the verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device;
when the signed group element (g^a || g^b) passes verification, compute a first shared secret k_ij from the group element a and the group element g^b, compute a first key vk_i by providing the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function;
generate the common session key SK by providing the first shared secret k_ij to the key derivation function;
transmit the first authentication data Ad_i to the second device, so that, on receiving the first authentication data Ad_i, the second device is configured to:
compute a second shared secret k_ji from the group element g^a and the group element b,
compute a second key vk_j by providing the second shared secret k_ji to the key derivation function,
compute second authentication data Ad_j by providing the key vk_j to the authentication data derivation function,
determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by providing the second shared secret k_ji to the key derivation function.
16. The system according to claim 15, characterized in that the step of generating the first set of parameters for the first device comprises:
the security server being configured to:
retrieve an arbitrary first value R_i1 and the identity id_i of the first device from the first set of components, wherein the arbitrary first value R_i1 is generated from the first random number r_i1;
compute an arbitrary value R_i of the first device and a first integer s_i1; and
set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device,
wherein the arbitrary value R_i of the first device is computed from the arbitrary first value R_i1 and the second random number r_i2; and
the first integer s_i1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the first device and a prime number q obtained from the parameters associated with the master public key mpk.
17. The system according to claim 16, characterized in that computing the private key sk_i comprises:
the first device being configured to:
compute an integer s_i from the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1 and the prime number q obtained from the parameters associated with the master public key mpk; and
form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
18. The system according to claim 15, characterized in that generating the second set of parameters for the second device comprises:
the security server being configured to:
retrieve an arbitrary first value R_j1 and the identity id_j of the second device from the second set of components, wherein the arbitrary first value R_j1 is generated from the first random number r_j1;
compute an arbitrary value R_j of the second device and a first integer s_j1; and
set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device,
wherein the arbitrary value R_j of the second device is computed from the arbitrary first value R_j1 and the second random number r_j2; and
the first integer s_j1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_j of the second device, the identity id_j of the second device and a prime number q obtained from the parameters associated with the master public key mpk.
19. The system according to claim 18, characterized in that computing the private key sk_j comprises:
the second device being configured to:
compute an integer s_j from the first integer s_i1 retrieved from the second set of parameters, the first random number r_j1 and the prime number q obtained from the parameters associated with the master public key mpk; and
form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
20. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j participating in an identity-based self-certified signature scheme, the system comprising:
a security server configured to instruct:
the first device to compute a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components including the first random number r_i1, a master secret key x and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
the second device to compute a private key sk_j based on a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters based on a second random number r_j2 generated by the security server, a second set of components including the first random number r_j1, the master secret key x and the parameters associated with the master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server;
the first device being configured to:
sign a cryptographic nonce N_i using the identity-based self-certified signature scheme and the private key sk_i;
transmit the identity id_i of the first device, the cryptographic nonce N_i and the signed cryptographic nonce N_i to the second device;
on receiving the transmitted information, the second device being configured to:
verify the signed cryptographic nonce N_i using a verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device,
when the signed cryptographic nonce N_i passes verification, sign the cryptographic nonce (N_i || N_j) using the identity-based self-certified signature scheme and the private key sk_j, where N_j is a cryptographic nonce, and
transmit the signed cryptographic nonce (N_i || N_j) and the cryptographic nonce N_j to the first device;
the first device being configured to:
verify the signed cryptographic nonce (N_i || N_j) using the verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device and, when the signed cryptographic nonce (N_i || N_j) passes verification, compute a first shared secret k_ij = g^(s_j·s_i), compute a first key vk_i by providing the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by providing the cryptographic nonces N_i and N_j and the first key vk_i to an authentication data derivation function;
generate the common session key SK by providing the first shared secret k_ij and the cryptographic nonces N_i and N_j to the key derivation function;
transmit the first authentication data Ad_i to the second device;
on receiving the first authentication data Ad_i, the second device being configured to:
compute a second shared secret k_ji = g^(s_j·s_1),
compute a second key vk_j by providing the second shared secret k_ji to the key derivation function,
compute second authentication data Ad_j by providing the key vk_j and the cryptographic nonces N_i and N_j to the authentication data derivation function,
determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by providing the second shared secret k_ji to the key derivation function.
21. The system according to claim 20, characterized in that generating the first set of parameters for the first device comprises:
The security server being configured to:
Retrieve a first arbitrary value R_i1 and the identity id_i of the first device from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1;
Compute an arbitrary value R_i of the first device and a first integer s_i1; and
Set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device,
Wherein the arbitrary value R_i of the first device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime number q obtained from the parameters associated with the master public key mpk.
22. The system according to claim 21, characterized in that computing the private key sk_i comprises:
The first device being configured to:
Compute an integer s_i from the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime number q obtained from the parameters associated with the master public key mpk; and
Form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
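An added sketch (not code from the patent) of the split key generation in claims 21 and 22 and of the shared secret k_ij = g^(s_j·s_i) in claim 20. The concrete formulas (R_i1 = g^r_i1, R_i = R_i1·g^r_i2, s_i1 = r_i2 + x·H(R_i, id_i) mod q, s_i = s_i1 + r_i1 mod q), the hash H, the way a peer recomputes g^s from (R, id), the toy group and all function names are assumptions chosen to match the inputs the claims list.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1 with p, q prime,
# and g = 4 generating the subgroup of prime order q.
P, Q, G = 2039, 1019, 4


def H(R, identity):
    """Hash (R, id) into Z_q. The encoding is an assumption of this sketch."""
    data = R.to_bytes((P.bit_length() + 7) // 8, "big") + identity.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def implicit_public(R, identity, y):
    """g^s recomputed from public values only: R * y^H(R, id) mod p."""
    return (R * pow(y, H(R, identity), P)) % P


def server_setup():
    """Master secret key x and the public value y = g^x (part of mpk)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def device_request(identity):
    """Device side: pick r_i1, send the first set of components (R_i1, id_i)."""
    r_i1 = secrets.randbelow(Q - 1) + 1
    return r_i1, (pow(G, r_i1, P), identity)


def server_issue(x, components):
    """Server side (claim 21): return the first set of parameters (R_i, s_i1)."""
    R_i1, identity = components
    r_i2 = secrets.randbelow(Q - 1) + 1
    R_i = (R_i1 * pow(G, r_i2, P)) % P
    s_i1 = (r_i2 + x * H(R_i, identity)) % Q
    return R_i, s_i1


def device_finish(r_i1, params, identity, y):
    """Device side (claim 22): s_i = s_i1 + r_i1 mod q, sk_i = (R_i, s_i)."""
    R_i, s_i1 = params
    s_i = (s_i1 + r_i1) % Q
    # Reject parameters that are inconsistent with the master public key.
    if pow(G, s_i, P) != implicit_public(R_i, identity, y):
        raise ValueError("parameters do not verify against mpk")
    return R_i, s_i


def shared_secret(own_sk, peer_R, peer_id, y):
    """k = g^(s_j*s_i) (claim 20), from own s and the peer's public (R, id)."""
    _, s = own_sk
    return pow(implicit_public(peer_R, peer_id, y), s, P)


def enroll(x, y, identity):
    """Run the three-step exchange; return (private key, what the server sent)."""
    r1, components = device_request(identity)
    params = server_issue(x, components)
    return device_finish(r1, params, identity, y), params


if __name__ == "__main__":
    x, y = server_setup()
    sk_i, seen_i = enroll(x, y, "device-i")
    sk_j, _ = enroll(x, y, "device-j")
    # The server only ever handled s_i1; the device's s_i also folds in r_i1.
    print("server saw s_i1 =", seen_i[1], "but device holds s_i =", sk_i[1])
    k_ij = shared_secret(sk_i, sk_j[0], "device-j", y)
    k_ji = shared_secret(sk_j, sk_i[0], "device-i", y)
    print("k_ij == k_ji:", k_ij == k_ji)
```

Because r_i1 never leaves the device, the server's s_i1 differs from the final s_i; with a group this small that separation is only illustrative.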
23. The system according to claim 20, characterized in that generating the second set of parameters for the second device comprises:
The security server being configured to:
Retrieve a first arbitrary value R_j1 and the identity id_j of the second device from the second set of components, wherein the first arbitrary value R_j1 is generated from the first random number r_j1;
Compute an arbitrary value R_j of the second device and a first integer s_j1; and
Set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device,
Wherein the arbitrary value R_j of the second device is computed from the first arbitrary value R_j1 and the second random number r_j2; and
The first integer s_j1 is computed from the second random number r_j2, the master secret key x, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime number q obtained from the parameters associated with the master public key mpk.
24. The system according to claim 23, characterized in that computing the private key sk_j comprises:
The second device being configured to:
Compute an integer s_j from the first integer s_i1 retrieved from the second set of parameters, the first random number r_j1, and the prime number q obtained from the parameters associated with the master public key mpk; and
Form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
25. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j that participate in an identity-based self-certified signature scheme, the system comprising:
A first security server, configured to instruct:
The first device to compute a private key sk_i from a first set of parameters received from the first security server and a random number r_i1 generated by the first device, wherein the first security server generates the first set of parameters from a second random number r_i2 generated by the first security server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, and wherein the first device generates the first set of components and transmits it to the first security server;
A second security server, configured to instruct:
The second device to compute a private key sk_j from a second set of parameters received from the second security server and a random number r_j1 generated by the second device, wherein the second security server generates the second set of parameters from a second random number r_j2 generated by the second security server, a second set of components comprising the first random number r_j1, a master secret key x_j, and parameters associated with a master public key mpk_j, and wherein the second device generates the second set of components and transmits it to the second security server,
Wherein the first security server is located in a different domain from the second security server;
The first device is configured to:
Sign a group element g^a using the identity-based self-certified signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G;
Transmit the identity id_i of the first device, the group element g^a and the signed group element g^a to the second device;
Upon receiving the transmitted information, the second device is configured to:
Verify the signed group element g^a using the verification function associated with the identity-based self-certified signature scheme and the identity id_i of the first device,
When the signed group element g^a passes verification, sign a group element (g^a||g^b) using the identity-based self-certified signature scheme and the private key sk_j, wherein b is a random number generated by the first device, and
Transmit the signed group element (g^a||g^b) and the group element g^b to the first device;
The first device is configured to:
Verify the signed group element (g^a||g^b) using the verification function associated with the identity-based self-certified signature scheme and the identity id_j of the second device;
When the signed group element (g^a||g^b) passes verification, compute a first shared secret k_ij from the group element a and the group element g^b, compute a first key vk_i by supplying the first shared secret k_ij to a key derivation function, and compute first authentication data Ad_i by supplying the first key vk_i to an authentication data derivation function;
Generate the common session key SK by supplying the first shared secret k_ij to the key derivation function;
Transmit the first authentication data Ad_i to the second device;
Upon receiving the first authentication data Ad_i, the second device is configured to:
Compute a second shared secret k_ji from the group element g^a and the group element b,
Compute a second key vk_j by supplying the second shared secret k_ji to the key derivation function,
Compute second authentication data Ad_j by supplying the key vk_j to the authentication data derivation function,
Determine whether the second authentication data Ad_j matches the first authentication data Ad_i; and
When the second authentication data Ad_j matches the first authentication data Ad_i, generate the common session key SK by supplying the second shared secret k_ji to the key derivation function.
26. The system according to claim 25, characterized in that generating the first set of parameters for the first device comprises:
The first security server being configured to:
Retrieve a first arbitrary value R_i1 and the identity id_i of the first device from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1;
Compute an arbitrary value R_i of the first device and a first integer s_i1; and
Set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device,
Wherein the arbitrary value R_i of the first device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed from the second random number r_i2, the master secret key x_i, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime number q obtained from the parameters associated with the master public key mpk_i.
27. The system according to claim 26, characterized in that computing the private key sk_i comprises:
The first device being configured to:
Compute an integer s_i from the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime number q obtained from the parameters associated with the master public key mpk_i; and
Form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
28. The system according to claim 25, characterized in that generating the second set of parameters for the second device comprises:
The second security server being configured to:
Retrieve a first arbitrary value R_j1 and the identity id_j of the second device from the second set of components, wherein the first arbitrary value R_j1 is generated from the first random number r_j1;
Compute an arbitrary value R_j of the second device and a first integer s_j1; and
Set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device,
Wherein the arbitrary value R_j of the second device is computed from the first arbitrary value R_j1 and the second random number r_j2; and
The first integer s_j1 is computed from the second random number r_j2, the master secret key x_j, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime number q obtained from the parameters associated with the master public key mpk_j.
29. The system according to claim 28, characterized in that computing the private key sk_j comprises:
The second device being configured to:
Compute an integer s_j from the first integer s_i1 retrieved from the second set of parameters, the first random number r_j1, and the prime number q obtained from the parameters associated with the master public key mpk_j; and
Form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
30. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising:
A security server, configured to instruct:
The first device to compute a private key sk_i from a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters from a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
The second device to compute a private key sk_j from a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters from a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, the master secret key x, and the parameters associated with the master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server;
The first and second devices are configured to use the identity-based self-certified signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, wherein the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
31. The system according to claim 30, characterized in that generating the first set of parameters for the first device comprises:
The security server being configured to:
Retrieve a first arbitrary value R_i1 and the identity id_i of the first device from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1;
Compute an arbitrary value R_i of the first device and a first integer s_i1; and
Set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device,
Wherein the arbitrary value R_i of the first device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime number q obtained from the parameters associated with the master public key mpk.
32. The system according to claim 31, characterized in that computing the private key sk_i comprises:
The first device being configured to:
Compute an integer s_i from the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime number q obtained from the parameters associated with the master public key mpk; and
Form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
33. The system according to claim 30, characterized in that generating the second set of parameters for the second device comprises:
The security server being configured to:
Retrieve a first arbitrary value R_j1 and the identity id_j of the second device from the second set of components, wherein the first arbitrary value R_j1 is generated from the first random number r_j1;
Compute an arbitrary value R_j of the second device and a first integer s_j1; and
Set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device,
Wherein the arbitrary value R_j of the second device is computed from the first arbitrary value R_j1 and the second random number r_j2; and
The first integer s_j1 is computed from the second random number r_j2, the master secret key x, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime number q obtained from the parameters associated with the master public key mpk.
34. The system according to claim 33, characterized in that computing the private key sk_j comprises:
The second device being configured to:
Compute an integer s_j from the first integer s_i1 retrieved from the second set of parameters, the first random number r_j1, and the prime number q obtained from the parameters associated with the master public key mpk; and
Form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
35. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising:
A first security server, configured to instruct:
The first device to compute a private key sk_i from a first set of parameters received from the first security server and a random number r_i1 generated by the first device, wherein the first security server generates the first set of parameters from a second random number r_i2 generated by the first security server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, and wherein the first device generates the first set of components and transmits it to the first security server;
A second security server, configured to instruct:
The second device to compute a private key sk_j from a second set of parameters received from the second security server and a random number r_j1 generated by the second device, wherein the second security server generates the second set of parameters from a second random number r_j2 generated by the second security server, a second set of components comprising the first random number r_j1, the master secret key x_j, and the parameters associated with a master public key mpk_j, and wherein the second device generates the second set of components and transmits it to the second security server,
Wherein the first security server is located in a different domain from the second security server;
The first and second devices are configured to use the identity-based self-certified signature scheme to generate the common session key SK_ij for the TLS protocol between the first device and the second device, wherein the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
36. The system according to claim 35, characterized in that generating the first set of parameters for the first device comprises:
The first security server being configured to:
Retrieve a first arbitrary value R_i1 and the identity id_i of the first device from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1;
Compute an arbitrary value R_i of the first device and a first integer s_i1; and
Set the computed arbitrary value R_i of the first device and the first integer s_i1 as the parameters of the first device,
Wherein the arbitrary value R_i of the first device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed from the second random number r_i2, the master secret key x_i, the arbitrary value R_i of the first device, the identity id_i of the first device, and a prime number q obtained from the parameters associated with the master public key mpk_i.
37. The system according to claim 36, characterized in that computing the private key sk_i comprises:
The first device being configured to:
Compute an integer s_i from the first integer s_i1 retrieved from the first set of parameters, the first random number r_i1, and the prime number q obtained from the parameters associated with the master public key mpk_i; and
Form the private key sk_i from the arbitrary value R_i of the first device and the integer s_i.
38. The system according to claim 35, characterized in that generating the second set of parameters for the second device comprises:
The second security server being configured to:
Retrieve a first arbitrary value R_j1 and the identity id_j of the second device from the second set of components, wherein the first arbitrary value R_j1 is generated from the first random number r_j1;
Compute an arbitrary value R_j of the second device and a first integer s_j1; and
Set the computed arbitrary value R_j of the second device and the first integer s_j1 as the parameters of the second device,
Wherein the arbitrary value R_j of the second device is computed from the first arbitrary value R_j1 and the second random number r_j2; and
The first integer s_j1 is computed from the second random number r_j2, the master secret key x_j, the arbitrary value R_j of the second device, the identity id_j of the second device, and a prime number q obtained from the parameters associated with the master public key mpk_j.
39. The system according to claim 38, characterized in that computing the private key sk_j comprises:
The second device being configured to:
Compute an integer s_j from the first integer s_i1 retrieved from the second set of parameters, the first random number r_j1, and the prime number q obtained from the parameters associated with the master public key mpk_j; and
Form the private key sk_j from the arbitrary value R_j of the second device and the integer s_j.
40. The system according to claim 35, characterized in that, before the security server computes parameters for the device from the second random number r_i2 generated by the security server, the security server is configured to:
Receive a zero-knowledge proof result from the device, wherein the device generates the zero-knowledge proof result using the first random number r_i1 and a system parameter λ;
Determine from the zero-knowledge proof result whether the first random number r_i1 is less than or equal to the system parameter λ; and
When the first random number r_i1 is less than or equal to the system parameter λ, compute parameters for the device from the second random number r_i2 generated by the security server.
41. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising:
A security server, configured to:
Using an identity-based self-certified signature scheme, generate a private key sk_i for the first device from the identity id_i of the first device, and generate a private key sk_j for the second device from the identity id_j of the second device; and
Transmit the private key sk_i to the first device and the private key sk_j to the second device;
The first and second devices are configured to use the same identity-based self-certified signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, wherein the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
42. A system for generating a common session key SK, characterized in that the common session key SK is used to encode digital communications between a first device i and a second device j that participate in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the system comprising:
A first security server, configured to:
Using an identity-based self-certified signature scheme, generate a private key sk_i for the first device from the identity id_i of the first device, and transmit the private key sk_i to the first device;
A second security server, configured to:
Using an identity-based self-certified signature scheme, generate a private key sk_j for the second device from the identity id_j of the second device, and transmit the private key sk_j to the second device;
Wherein the first security server is located in a different domain from the second security server,
The first and second devices are configured to use the same identity-based self-certified signature scheme but with different parameters, or different identity-based self-certified signature schemes, to generate the common session key SK for the TLS or DTLS protocol between the first device and the second device, wherein the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, and the identity-based self-certified signature scheme is determined by sk_i and sk_j.
43. A security server for computing a private key sk for a device participating in an identity-based self-certified signature scheme, characterized by comprising:
A processor; and
A non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to:
Compute parameters for the device from a second random number r_i2 generated by the security server, a first set of components received from the device, a master secret key x, and parameters associated with a master public key mpk, wherein the first set of components comprises a first random number r_i1 generated by the device;
Transmit the computed parameters to the device, such that the device computes the private key sk from the received computed parameters and the random number r_i1.
44. The security server according to claim 43, characterized in that the instructions for computing the parameters for the device comprise:
Instructions that direct the processor to:
Retrieve a first arbitrary value R_i1 and the identity id_i of the device from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1;
Compute an arbitrary value R_i of the device and a first integer s_i1; and
Set the computed arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device,
Wherein the arbitrary value R_i of the device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device, and a prime number q obtained from the parameters associated with the master public key mpk.
45. The security server according to claim 43, characterized in that the instructions for computing the parameters for the device comprise:
Instructions that direct the processor to:
Retrieve a first arbitrary value R_i1, the identity id_i of the device and a homomorphic encryption value c from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1, and the homomorphic encryption value c is generated by supplying the first random number r_i1 and a prime number q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc();
Set the arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device,
Wherein the arbitrary value R_i of the device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed by supplying the second random number r_i2, the homomorphic encryption value c, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device and the prime number q to the additive homomorphic encryption function HEnc().
46. The security server according to any one of claims 43 to 45, characterized in that, before the instructions for computing the parameters for the device from the second random number r_i2 generated by the security server, the security server comprises:
Instructions that direct the processor to:
Receive a zero-knowledge proof result from the device, wherein the device generates the zero-knowledge proof result using the first random number r_i1 and a system parameter λ;
Determine from the zero-knowledge proof result whether the first random number r_i1 is less than or equal to the system parameter λ; and
When the first random number r_i1 is less than or equal to the system parameter λ, compute parameters for the device from the second random number r_i2 generated by the security server.
47. A method for computing a private key sk for a device participating in an identity-based self-certified signature scheme, characterized by comprising:
A security server computing parameters for the device from a second random number r_i2 generated by the security server, a first set of components received from the device, a master secret key x, and parameters associated with a master public key mpk, wherein the first set of components comprises a first random number r_i1 generated by the device;
Transmitting the computed parameters to the device, such that the device computes the private key sk from the received computed parameters and the random number r_i1.
48. The method according to claim 47, characterized in that computing parameters for the device comprises:
The security server retrieving a first arbitrary value R_i1 and the identity id_i of the device from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1;
Computing an arbitrary value R_i of the device and a first integer s_i1; and
Setting the computed arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device,
Wherein the arbitrary value R_i of the device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed from the second random number r_i2, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device, and a prime number q obtained from the parameters associated with the master public key mpk.
49. The method according to claim 47, characterized in that computing parameters for the device comprises:
The security server retrieving a first arbitrary value R_i1, the identity id_i of the device and a homomorphic encryption value c from the first set of components, wherein the first arbitrary value R_i1 is generated from the first random number r_i1, and the homomorphic encryption value c is generated by supplying the first random number r_i1 and a prime number q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc();
Setting the arbitrary value R_i of the device and the first integer s_i1 as the parameters of the device,
Wherein the arbitrary value R_i of the device is computed from the first arbitrary value R_i1 and the second random number r_i2; and
The first integer s_i1 is computed by supplying the second random number r_i2, the homomorphic encryption value c, the master secret key x, the arbitrary value R_i of the first device, the identity id_i of the device and the prime number q to the additive homomorphic encryption function HEnc().
50. A method for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device i and a second device j participating in a self-certified identity-based signature scheme, the method comprising:
the first device receiving, from a security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
the first device signing a group element g^a using the self-certified identity-based signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G;
transmitting the identity id_i of the first device, the group element g^a and the signed group element g^a to the second.
51. The method according to claim 50, characterized in that the method further comprises:
receiving a signed group element (g^a||g^b) and a group element g^b from the second device;
verifying the signed group element (g^a||g^b) using a verification function associated with the self-certified identity-based signature scheme and the identity id_j of the second device;
when the signed group element (g^a||g^b) passes verification, computing a first shared secret k_ij based on the group element a and the group element g^b, computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function;
generating the common session key SK by providing the first shared secret k_ij to the key derivation function;
transmitting the first authentication data Ad_i to the second device.
52. A first device for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between the first device and a second device participating in a self-certified identity-based signature scheme, the first device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving, from a security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
signing a group element g^a using the self-certified identity-based signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G;
transmitting the identity id_i of the first device, the group element g^a and the signed group element g^a to the second.
53. The first device according to claim 52, characterized in that the instructions comprise:
instructions for directing the processor to perform the following operations:
receiving a signed group element (g^a||g^b) and a group element g^b from the second device;
verifying the signed group element (g^a||g^b) using a verification function associated with the self-certified identity-based signature scheme and the identity id_j of the second device;
when the signed group element (g^a||g^b) passes verification, computing a first shared secret k_ij based on the group element a and the group element g^b, computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function;
generating the common session key SK by providing the first shared secret k_ij to the key derivation function;
transmitting the first authentication data Ad_i to the second device.
54. A method for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device i and a second device j participating in a self-certified identity-based signature scheme, the method comprising:
the second device receiving, from a security server, instructions for the following operation: computing a private key sk_j based on a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters based on a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, a master secret key x, and parameters associated with a master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server;
receiving the identity id_i of the first device, a group element g^a and a signed group element g^a from the first;
verifying the signed group element g^a using a verification function associated with the self-certified identity-based signature scheme and the identity id_i of the first device;
when the signed group element g^a passes verification, signing a group element (g^a||g^b) using the self-certified identity-based signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and
transmitting the signed group element (g^a||g^b) and a group element g^b to the first device.
55. The method according to claim 54, characterized in that the method further comprises:
receiving first authentication data Ad_i from the first device;
computing a second shared secret k_ji based on the group element g^a and the group element g^b;
computing a second key vk_j by providing the second shared secret k_ji to a key derivation function;
computing second authentication data Ad_j by providing the key vk_j to an authentication data derivation function;
determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
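An added example, not part of the patent text: the key-confirmation steps of claims 51 and 55 (shared secret, key vk, authentication data Ad, match, session key SK), assuming the signatures on g^a and (g^a||g^b) have already been verified. The HMAC-SHA256 constructions, the purpose labels that keep vk and SK distinct, the binding of Ad to the exchanged elements, the toy group and all function names are assumptions; the claims name only a key derivation function and an authentication data derivation function.

```python
import hashlib
import hmac
import secrets

# Toy group constructed for this example: p = 2q + 1, g = 4 has prime order q.
P, Q, G = 2039, 1019, 4
NBYTES = (P.bit_length() + 7) // 8


def encode(element: int) -> bytes:
    """Fixed-length encoding so concatenated elements parse unambiguously."""
    return element.to_bytes(NBYTES, "big")


def check_element(e: int) -> int:
    """Reject peer values outside the order-q subgroup (for example 1 or p-1)."""
    if not (1 < e < P and pow(e, Q, P) == 1):
        raise ValueError("invalid group element")
    return e


def kdf(shared: int, label: bytes) -> bytes:
    """Key derivation with a purpose label (assumed construction: HMAC-SHA256)."""
    return hmac.new(label, encode(shared), hashlib.sha256).digest()


def auth_data(vk: bytes, g_a: int, g_b: int) -> bytes:
    """Authentication data from vk, bound to both exchanged elements (assumed)."""
    return hmac.new(vk, encode(g_a) + encode(g_b), hashlib.sha256).digest()


def first_device_confirm(a: int, g_b: int):
    """First device (claim 51): return (Ad_i, SK) from its exponent a and g^b."""
    k_ij = pow(check_element(g_b), a, P)
    vk_i = kdf(k_ij, b"key-confirmation")
    ad_i = auth_data(vk_i, pow(G, a, P), g_b)
    return ad_i, kdf(k_ij, b"session-key")


def second_device_finish(b: int, g_a: int, ad_i: bytes):
    """Second device (claim 55): return SK only if Ad_j matches Ad_i, else None."""
    k_ji = pow(check_element(g_a), b, P)
    vk_j = kdf(k_ji, b"key-confirmation")
    ad_j = auth_data(vk_j, g_a, pow(G, b, P))
    # Constant-time comparison; no session key is derived on a mismatch.
    if not hmac.compare_digest(ad_j, ad_i):
        return None
    return kdf(k_ji, b"session-key")


def new_exponent() -> int:
    """Fresh secret exponent in [1, q-1]."""
    return secrets.randbelow(Q - 1) + 1


if __name__ == "__main__":
    a, b = new_exponent(), new_exponent()
    g_a, g_b = pow(G, a, P), pow(G, b, P)
    ad_i, sk_first = first_device_confirm(a, g_b)
    print("keys agree:", second_device_finish(b, g_a, ad_i) == sk_first)
```

If one key derivation call with identical inputs produced both vk and SK, the two values would be equal and Ad would be computed under the session key itself; the labels above avoid that.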
56. A second device for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device and the second device participating in a self-certified identity-based signature scheme, the second device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving, from a security server, instructions for the following operation: computing a private key sk_j based on a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters based on a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, a master secret key x, and parameters associated with a master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server;
receiving the identity id_i of the first device, a group element g^a and a signed group element g^a from the first;
verifying the signed group element g^a using a verification function associated with the self-certified identity-based signature scheme and the identity id_i of the first device;
when the signed group element g^a passes verification, signing a group element (g^a||g^b) using the self-certified identity-based signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and
transmitting the signed group element (g^a||g^b) and a group element g^b to the first device.
57. The second device according to claim 56, characterized in that the instructions comprise:
instructions for directing the processor to perform the following operations:
receiving first authentication data Ad_i from the first device;
computing a second shared secret k_ji based on the group element g^a and the group element g^b;
computing a second key vk_j by providing the second shared secret k_ji to a key derivation function;
computing second authentication data Ad_j by providing the key vk_j to an authentication data derivation function;
determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
58. A method for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device i and a second device j participating in a self-certified identity-based signature scheme, the method comprising:
the first device receiving, from a security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
the first device signing a cryptographic nonce N_i using the self-certified identity-based signature scheme and the private key sk_i;
transmitting the identity id_i of the first device, the cryptographic nonce N_i and the signed cryptographic nonce N_i to the second device, so that the second device, upon receiving the transmitted information:
verifies the signed cryptographic nonce N_i using a verification function associated with the self-certified identity-based signature scheme and the identity id_i of the first device;
when the signed cryptographic nonce N_i passes verification, signs a cryptographic nonce (N_i||N_j) using the self-certified identity-based signature scheme and a private key sk_j, wherein N_j is a cryptographic nonce; and
transmits the signed cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j to the first device.
59. The method according to claim 58, characterized in that the method further comprises:
receiving the cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j from the second device;
verifying the signed cryptographic nonce (N_i||N_j) using the verification function associated with the self-certified identity-based signature scheme and the identity id_j of the second device, and, when the signed cryptographic nonce (N_i||N_j) passes verification, computing a first shared secret k_ij = g^(s_j·s_i), computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the cryptographic nonces N_i and N_j and the first key vk_i to an authentication data derivation function;
generating the common session key SK by providing the first shared secret k_ij and the cryptographic nonces N_i and N_j to the key derivation function;
transmitting the first authentication data Ad_i to the second device.
60. A first device for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between the first device i and a second device j participating in a self-certified identity-based signature scheme, the first device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving, from a security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
signing a cryptographic nonce N_i using the self-certified identity-based signature scheme and the private key sk_i; and
transmitting the identity id_i of the first device, the cryptographic nonce N_i and the signed cryptographic nonce N_i to the second device.
61. The first device according to claim 60, characterized in that the instructions comprise:
instructions for directing the processor to perform the following operations:
receiving a cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j from the second device;
verifying the signed cryptographic nonce (N_i||N_j) using a verification function associated with the self-certified identity-based signature scheme and the identity id_j of the second device, and, when the signed cryptographic nonce (N_i||N_j) passes verification, computing a first shared secret k_ij = g^(s_j·s_i), computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the cryptographic nonces N_i and N_j and the first key vk_i to an authentication data derivation function;
generating the common session key SK by providing the first shared secret k_ij and the cryptographic nonces N_i and N_j to the key derivation function; and
transmitting the first authentication data Ad_i to the second device.
62. A second device for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device and the second device participating in a self-certified identity-based signature scheme, the second device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving, from a security server, instructions for the following operation: computing a private key sk_j based on a second set of parameters received from the security server and a random number r_j1 generated by the second device, wherein the security server generates the second set of parameters based on a second random number r_j2 generated by the security server, a second set of components comprising the first random number r_j1, a master secret key x, and parameters associated with a master public key mpk, and wherein the second device generates the second set of components and transmits it to the security server;
receiving the identity id_i of the first device, a cryptographic nonce N_i and a signed cryptographic nonce N_i from the first device;
verifying the signed cryptographic nonce N_i using a verification function associated with the self-certified identity-based signature scheme and the identity id_i of the first device;
when the signed cryptographic nonce N_i passes verification, signing a cryptographic nonce (N_i||N_j) using the self-certified identity-based signature scheme and the private key sk_j, wherein N_j is a cryptographic nonce; and
transmitting the signed cryptographic nonce (N_i||N_j) and the cryptographic nonce N_j to the first device.
63. The second device according to claim 62, characterized in that the instructions comprise instructions for directing the processor to perform the following operations:
receiving first authentication data Ad_i from the first device;
computing a second shared secret k_ji = g^(s_j·s_i);
computing a second key vk_j by providing the second shared secret k_ji to a key derivation function;
computing second authentication data Ad_j by providing the key vk_j and the cryptographic nonces N_i and N_j to an authentication data derivation function;
determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
64. A method for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device i and a second device j participating in a self-certified identity-based signature scheme, the system comprising:
the first device receiving, from a first security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the first security server and a random number r_i1 generated by the first device, wherein the first security server generates the first set of parameters based on a second random number r_i2 generated by the first security server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, and wherein the first device generates the first set of components and transmits it to the first security server;
wherein the first security server is located in a different domain from a second security server;
the first device signing a group element g^a using the self-certified identity-based signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G;
transmitting the identity id_i of the first device, the group element g^a and the signed group element g^a to the second device.
65. The method according to claim 64, characterized in that the method further comprises:
receiving a signed group element (g^a||g^b) and a group element g^b from the second device;
verifying the signed group element (g^a||g^b) using a verification function associated with the self-certified identity-based signature scheme and the identity id_j of the second device;
when the signed group element (g^a||g^b) passes verification, computing a first shared secret k_ij based on the group element a and the group element g^b, computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function;
generating the common session key SK by providing the first shared secret k_ij to the key derivation function; and
transmitting the first authentication data Ad_i to the second device.
66. A first device for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between the first device and a second device participating in a self-certified identity-based signature scheme, the first device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving, from a first security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the first security server and a random number r_i1 generated by the first device, wherein the first security server generates the first set of parameters based on a second random number r_i2 generated by the first security server, a first set of components comprising the first random number r_i1, a master secret key x_i, and parameters associated with a master public key mpk_i, and wherein the first device generates the first set of components and transmits it to the first security server;
wherein the first security server is located in a different domain from a second security server;
the first device signing a group element g^a using the self-certified identity-based signature scheme and the private key sk_i, wherein a is a random number generated by the first device and g is a generator of a cyclic group G; and
transmitting the identity id_i of the first device, the group element g^a and the signed group element g^a to the second device.
67. The first device according to claim 66, characterized in that the instructions comprise instructions for directing the processor to perform the following operations:
receiving a signed group element (g^a||g^b) and a group element g^b from the second device;
verifying the signed group element (g^a||g^b) using a verification function associated with the self-certified identity-based signature scheme and the identity id_j of the second device;
when the signed group element (g^a||g^b) passes verification, computing a first shared secret k_ij based on the group element a and the group element g^b, computing a first key vk_i by providing the first shared secret k_ij to a key derivation function, and computing first authentication data Ad_i by providing the first key vk_i to an authentication data derivation function;
generating the common session key SK by providing the first shared secret k_ij to the key derivation function; and
transmitting the first authentication data Ad_i to the second device.
68. A method for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device i and a second device i participating in a self-certified identity-based signature scheme, the method comprising:
the second device receiving, from a second security server, instructions for the following operation: computing a private key sk_j based on a second set of parameters received from the second security server and a random number r_j1 generated by the second device, wherein the second security server generates the second set of parameters based on a second random number r_j2 generated by the second security server, a second set of components comprising the first random number r_j1, a master secret key x_j, and parameters associated with a master public key mpk_j, and wherein the second device generates the second set of components and transmits it to the second security server;
transmitting the identity id_i of the first device, a group element g^a and a signed group element g^a to the second device;
verifying the signed group element g^a using a verification function associated with the self-certified identity-based signature scheme and the identity id_i of the first device;
when the signed group element g^a passes verification, signing a group element (g^a||g^b) using the self-certified identity-based signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and
transmitting the signed group element (g^a||g^b) and a group element g^b to the first device.
69. The method according to claim 68, characterized in that the method further comprises:
receiving first authentication data Ad_i from the first device;
computing a second shared secret k_ji based on the group element g^a and the group element b;
computing a second key vk_j by providing the second shared secret k_ji to a key derivation function;
computing second authentication data Ad_j by providing the key vk_j to an authentication data derivation function;
determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
70. A second device for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device and the second device participating in a self-certified identity-based signature scheme, the second device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving, from a second security server, instructions for the following operation: computing a private key sk_j based on a second set of parameters received from the second security server and a random number r_j1 generated by the second device, wherein the second security server generates the second set of parameters based on a second random number r_j2 generated by the second security server, a second set of components comprising the first random number r_j1, a master secret key x_j, and parameters associated with a master public key mpk_j, and wherein the second device generates the second set of components and transmits it to the second security server;
transmitting the identity id_i of the first device, a group element g^a and a signed group element g^a to the second device;
verifying the signed group element g^a using a verification function associated with the self-certified identity-based signature scheme and the identity id_i of the first device;
when the signed group element g^a passes verification, signing a group element (g^a||g^b) using the self-certified identity-based signature scheme and the private key sk_j, wherein b is a random number generated by the first device; and
transmitting the signed group element (g^a||g^b) and a group element g^b to the first device.
71. The second device according to claim 70, characterized in that the instructions comprise instructions for directing the processor to perform the following operations:
receiving first authentication data Ad_i from the first device;
computing a second shared secret k_ji based on the group element g^a and the group element g^b;
computing a second key vk_j by providing the second shared secret k_ji to a key derivation function;
computing second authentication data Ad_j by providing the key vk_j to an authentication data derivation function;
determining whether the second authentication data Ad_j matches the first authentication data Ad_i; and
when the second authentication data Ad_j matches the first authentication data Ad_i, generating the common session key SK by providing the second shared secret k_ji to the key derivation function.
72. A method for generating a common session key SK, characterized in that the common session key SK is used to encode digital communication between a first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the method comprising:
the first device receiving, from a security server, instructions for the following operation: computing a private key sk_i based on a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters based on a second random number r_i2 generated by the security server, a first set of components comprising the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
communicating with the second device to generate the common session key SK for the TLS protocol or the DTLS protocol using a self-certified identity-based signature scheme, wherein the identity id_i of the first device is included in a Certificate message of the first device, the identity id_j of the second device is included in a Certificate message of the second device, the self-certified identity-based signature scheme is determined by sk_j and the sk_i, and the sk_j is a private key computed by the second device.
73. A first device for generating a common session key SK, wherein the common session key SK is used to encode digital communication between the first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the first device comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
receiving instructions from a security server for the following operation: computing a private key sk_i according to a first set of parameters received from the security server and a random number r_i1 generated by the first device, wherein the security server generates the first set of parameters according to a second random number r_i2 generated by the security server, a first set of components that includes the first random number r_i1, a master secret key x, and parameters associated with a master public key mpk, and wherein the first device generates the first set of components and transmits it to the security server; and
communicating with the second device to generate the common session key SK for the TLS protocol or the DTLS protocol using a self-certified identity-based signature scheme, wherein the identity id_i of the first device is included in the certificate message of the first device, the identity id_j of the second device is included in the certificate message of the second device, and the self-certified identity-based signature scheme is determined by sk_j and sk_i, where sk_j is the private key computed by the second device.
74. A method for generating a common session key SK, wherein the common session key SK is used to encode digital communication between a first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the method comprising:
generating, by a security server using a self-certified identity-based signature scheme, a private key sk_i for the first device according to the identity id_i of the first device, and a private key sk_j for the second device according to the identity id_j of the second device; and
transmitting the private key sk_i to the first device and the private key sk_j to the second device, so that the first and second devices use the same self-certified identity-based signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, wherein the identity id_i of the first device is included in the certificate message of the first device, the identity id_j of the second device is included in the certificate message of the second device, and the self-certified identity-based signature scheme is determined by sk_j and sk_i.
75. A security server for generating a common session key SK, wherein the common session key SK is used to encode digital communication between a first device i and a second device j participating in an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security (DTLS) protocol, the security server comprising:
a processor; and
a non-transitory medium readable by the processor, the medium storing instructions that, when executed by the processor, cause the processor to perform the following operations:
generating, using a self-certified identity-based signature scheme, a private key sk_i for the first device according to the identity id_i of the first device, and a private key sk_j for the second device according to the identity id_j of the second device; and
transmitting the private key sk_i to the first device and the private key sk_j to the second device, so that the first and second devices use the same self-certified identity-based signature scheme to generate the common session key SK for the TLS protocol or the DTLS protocol between the first device and the second device, wherein the identity id_i of the first device is included in the certificate message of the first device, the identity id_j of the second device is included in the certificate message of the second device, and the self-certified identity-based signature scheme is determined by sk_j and sk_i.
CN201880011027.7A 2017-02-09 2018-02-07 Private key calculation system and method for identity-based self-authentication signature scheme Active CN110268676B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
SG10201701044SA SG10201701044SA (en) 2017-02-09 2017-02-09 System and method for computing private keys for self certified identity based signature schemes
SG10201701044S 2017-02-09
PCT/SG2018/050050 WO2018147800A1 (en) 2017-02-09 2018-02-07 System and method for computing private keys for self certified identity based signature schemes

Publications (2)

Publication Number Publication Date
CN110268676A true CN110268676A (en) 2019-09-20
CN110268676B CN110268676B (en) 2022-12-27

Family

ID=61569320

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880011027.7A Active CN110268676B (en) 2017-02-09 2018-02-07 Private key calculation system and method for identity-based self-authentication signature scheme

Country Status (5)

Country Link
US (1) US11563565B2 (en)
EP (1) EP3574609B1 (en)
CN (1) CN110268676B (en)
SG (1) SG10201701044SA (en)
WO (1) WO2018147800A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112713992A (en) * 2020-12-22 2021-04-27 湖北工业大学 Certificate-free anti-leakage authentication and key agreement method and system
CN114124465A (en) * 2021-10-28 2022-03-01 济南浪潮数据技术有限公司 Data transmission method, system, equipment and computer readable storage medium

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10812974B2 (en) * 2017-05-06 2020-10-20 Vmware, Inc. Virtual desktop client connection continuity
EP3656145B1 (en) * 2017-07-17 2023-09-06 Sonova AG Encrypted audio streaming
US20190318118A1 (en) * 2018-04-16 2019-10-17 International Business Machines Corporation Secure encrypted document retrieval
US11005656B2 (en) * 2018-12-07 2021-05-11 Arris Enterprises Llc Embedding information in elliptic curve base point
CN110011781B (en) * 2019-03-04 2020-05-19 华中科技大学 Homomorphic encryption method and medium for transaction amount encryption and supporting zero knowledge proof
US11601284B2 (en) * 2019-06-14 2023-03-07 Planetway Corporation Digital signature system based on a cloud of dedicated local devices
CN110336664B (en) * 2019-07-10 2021-07-20 西安电子科技大学 SM2 cryptographic algorithm-based cross-domain authentication method for information service entity
KR102315632B1 (en) * 2019-08-08 2021-10-21 한국과학기술원 System and method for generating scalable group key based on homomorphic encryption with trust server
CN110798475B (en) * 2019-11-05 2021-08-03 北谷电子有限公司上海分公司 Security authentication method, device, equipment and storage medium
US11722312B2 (en) * 2020-03-09 2023-08-08 Sony Group Corporation Privacy-preserving signature
CN111431723A (en) * 2020-03-26 2020-07-17 沈阳理工大学 Zero-knowledge-proof-based authentication strategy for industrial environment mobile charging equipment
CN111416715B (en) * 2020-04-09 2022-11-01 南京如般量子科技有限公司 Quantum secret communication identity authentication system and method based on secret sharing
CN111866547B (en) * 2020-07-30 2022-07-15 北京万协通信息技术有限公司 Novel video tamper-proofing method
US20220209949A1 (en) * 2020-12-30 2022-06-30 Psdl Secure communication device and secure communication program
KR102336068B1 (en) * 2020-12-30 2021-12-07 주식회사 피에스디엘 Security Door-lock, Device for Controlling Door-lock, Program for Controlling Door-lock and Server for Managing Door-lock
CN112988237B (en) * 2021-04-21 2021-07-23 深圳致星科技有限公司 Paillier decryption system, chip and method
CN113162751B (en) * 2021-04-25 2023-06-20 重庆都会信息科技有限公司 Encryption method and system with homomorphism and readable storage medium
CN113468614A (en) * 2021-07-23 2021-10-01 成都卓拙科技有限公司 Kerberos cross-domain authentication method based on Bulletprofs
CN117478329B (en) * 2023-10-16 2024-04-26 武汉大学 Multi-user collusion-resistant ciphertext retrieval method and equipment based on identity key encapsulation

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080000969A1 (en) * 2004-03-25 2008-01-03 Cryptomathic A/S Electronic Voting Systems
CN101547099A (en) * 2009-05-07 2009-09-30 张键红 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature
CN101702804A (en) * 2009-11-23 2010-05-05 西安电子科技大学 Two-party key agreement method based on self-certified public key
CN102017510A (en) * 2007-10-23 2011-04-13 丁素芬 Method and structure for self-sealed joint proof-of-knowledge and Diffie-Hellman key-exchange protocols
JP2011232475A (en) * 2010-04-27 2011-11-17 Mitsubishi Electric Corp Encryption processing system, key generation device, encryption device, decryption device, signature processing system, signature device, and verification device
CN104486307A (en) * 2014-12-03 2015-04-01 中国电子科技集团公司第三十研究所 Decentralized key management method based on homomorphic encryption
CN105162585A (en) * 2015-08-25 2015-12-16 清华大学 Efficient privacy protecting session key agreement method
US20160072775A1 (en) * 2014-09-05 2016-03-10 Samsung Sds Co., Ltd. System and method for key exchange based on authentication information
CN105959269A (en) * 2016-04-25 2016-09-21 北京理工大学 ID-based authenticated dynamic group key agreement method
CN106161405A (en) * 2015-04-21 2016-11-23 上海交通大学 Calculate safely implementation method based on the privacy protectable information of Homomorphic Encryption Scheme
CN106341232A (en) * 2016-09-18 2017-01-18 中国科学院软件研究所 Anonymous entity identification method based on password

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL9301348A (en) * 1993-08-02 1995-03-01 Stefanus Alfonsus Brands Electronic payment system
FR2714780B1 (en) * 1993-12-30 1996-01-26 Stern Jacques Method for authenticating at least one identification device by a verification device.
US7370351B1 (en) * 2001-03-22 2008-05-06 Novell, Inc. Cross domain authentication and security services using proxies for HTTP access
US7353395B2 (en) * 2002-03-21 2008-04-01 Ntt Docomo Inc. Authenticated ID-based cryptosystem with no key escrow
US20060215837A1 (en) * 2004-12-18 2006-09-28 Hewlett-Packard Development Company, L.P. Method and apparatus for generating an identifier-based public/private key pair
WO2009086845A1 (en) * 2008-01-07 2009-07-16 Siemens Enterprise Communications Gmbh & Co. Kg Method for authenticating key information between terminals of a communication link
US7930542B2 (en) * 2008-04-07 2011-04-19 Safemashups Inc. MashSSL: a novel multi party authentication and key exchange mechanism based on SSL
US8464058B1 (en) * 2008-04-08 2013-06-11 Hewlett-Packard Development Company, L.P. Password-based cryptographic method and apparatus
US8510558B2 (en) * 2009-02-17 2013-08-13 Alcatel Lucent Identity based authenticated key agreement protocol
US8799997B2 (en) * 2011-04-18 2014-08-05 Bank Of America Corporation Secure network cloud architecture
CN104539423B (en) 2014-12-16 2018-01-05 北京百旺信安科技有限公司 A kind of implementation method without CertPubKey cipher system of no Bilinear map computing
FR3035986B1 (en) * 2015-05-06 2018-07-27 Morpho METHOD FOR GENERATING A MESSAGE SIGNATURE FROM A DIGITAL SIGNATURE TOKEN USING A HOMOMORPHIC ENCRYPTION FUNCTION
KR102423885B1 (en) * 2015-05-08 2022-07-21 한국전자통신연구원 Method and system for additive homomorphic encryption scheme with error detection functionality

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HOLGER PETERSEN et al.: "Self-certified keys - concepts and applications", Communication and Multimedia Security International Conference *
CAO XUEFEI: "Research on the Theory and Application of Identity-Based Authentication Protocols", China Master's Theses Full-text Database, Information Science and Technology *

Also Published As

Publication number Publication date
SG10201701044SA (en) 2018-09-27
US11563565B2 (en) 2023-01-24
CN110268676B (en) 2022-12-27
EP3574609A1 (en) 2019-12-04
WO2018147800A1 (en) 2018-08-16
US20190372763A1 (en) 2019-12-05
EP3574609B1 (en) 2022-05-25

Similar Documents

Publication Publication Date Title
CN110268676A (en) The private cipher key computing system and method for the Self-certified signature scheme of identity-based
CN107948189B (en) Asymmetric password identity authentication method and device, computer equipment and storage medium
EP3259724B1 (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
CN107947913B (en) Anonymous authentication method and system based on identity
CN108886468B (en) System and method for distributing identity-based key material and certificates
CN107342859B (en) Anonymous authentication method and application thereof
Tseng et al. A chaotic maps-based key agreement protocol that preserves user anonymity
JP4781269B2 (en) Key agreement and transport protocol
CN107437993A (en) One kind is based on without the side's authentication key agreement method of certificate two and device
CN101394284B (en) One-time password authentication method
CN110402560B (en) System and method for computing public session keys in identity-based authenticated key exchange scheme with forward security
CN107659395A (en) The distributed authentication method and system of identity-based under a kind of environment of multi-server
KR20100050846A (en) System and method for interchanging key
JP2012521109A (en) Identification method and shared key generation method
TW201301836A (en) Method for keys generation, member authentication and security communication in a dynamic group
US11044081B2 (en) System and method for obtaining a common session key between devices
CN108599926A (en) A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys
Zhang et al. Unbalancing pairing-free identity-based authenticated key exchange protocols for disaster scenarios
KR20100024605A (en) A password authenticated key exchange method using the rsa
CN111416712A (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN108075896A (en) Use the system and method for the cryptography structure Self-certified message based on mark
CN113014376B (en) Method for safety authentication between user and server
Datta Zero knowledge password authentication protocol
Zhu Cryptanalysis and improvement of a mobile dynamic ID authenticated key agreement scheme based on chaotic maps
Hsu et al. Password authenticated key exchange protocol for multi-server mobile networks based on Chebyshev chaotic map

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant